Pilot launch of UBIS system
Web-based tool for self-assessment of compliance with GDPR
UBIS is developed under the National Research Program "Information and Communication Technologies for a Digital Single Market in Science, Education and Security", funded by the Ministry of Education and Science.
The National Laboratory of Computer Virology at the Bulgarian Academy of Sciences has launched a pilot Web-based tool for self-assessment of compliance with GDPR (UBIS).
Bringing an organization into compliance with the GDPR is a complex task made up of a set of policies and processes that are carried out periodically. Organizations must be able to describe the risks associated with data processing and take the necessary action so that they know what data they use, how they manage and protect it, and how they demonstrate compliance with regulatory requirements. This is a difficult and time-consuming process that requires knowledge of the Regulation and of other regulations. It is difficult for organizations, especially small or medium-sized ones, to develop the necessary competencies, such as cybersecurity and confidentiality. Larger organizations have difficulty applying a unified self-assessment model and putting the necessary controls into practice.
UBIS is based on good practices in conducting self-assessment for compliance with the Regulation. It aims to alleviate these problems and to assist users in the four main phases of self-assessment, namely:
- Data identification;
- Data management;
- Data protection;
- Documentation of compliance.
UBIS supports the process of assessing a scientific organization's compliance with the GDPR by enabling users to check periodically for compliance and to follow the results of previous self-assessments. Gap analysis (comparing the current level of regulatory compliance with the desired level) is an assessment method for determining whether organizational requirements are met and, if not, what steps need to be taken to ensure that they are met successfully. The gap refers to the space between "where we are" (current state) and "where we want to be" (target state).
UBIS is not intended to be exhaustive or to guarantee the compliance of an organization that uses it. The topic of personal data is dynamic and continues to change through the creation of new international and local laws, good practices, software products and more. In reality, an organization's compliance with the requirements of the GDPR depends on the context of the organization, and the easiest way to comply is to make all employees, customers and partners aware of the requirements for working with data.
The purpose of UBIS is to be a useful tool for assessing an organization's compliance with, and awareness of, the requirements of the GDPR. As compliance with these requirements is an ongoing process, any organization can benefit from the use of UBIS. Processes such as risk assessment, asset classification, security analysis and audits are periodic, which means that periodic conformity assessment is generally the best approach for organizations that have decided to use it.