The Freeman

Data Protection Officers: Hottest item in technology


In 2018, companies across the world are scrambling to comply with the data privacy laws that are shooting up everywhere. Europe is joining the bandwagon in May; it represents the biggest shake-up of personal data privacy rules since the birth of the Internet. And the Philippines is no exception: the Data Privacy Act (DPA) was signed into law in 2012 and is now strictly implemented by the National Privacy Commission (NPC).

While Philippine companies have to some extent complied with the rules in naming a Data Protection Officer (DPO) to the NPC, it is assumed that most of the DPOs are not fully familiar with the policies and processes to avoid costly data breaches. That is why we have started to create teams to help companies train DPOs and introduce software that shows compliance gaps and ways to close them.

It has to be understood that the data privacy laws give Filipinos and citizens around the globe more control over their online information and that the laws apply to all firms that do business. This is especially important for Philippine companies that do business or intend to do business with Europe.

Finding DPOs is not easy, here and around the globe. More than 28,000 will be needed in Europe and the US, and as many as 75,000 worldwide as a result of the data privacy laws, the International Association of Privacy Professionals (IAPP) estimates.

The need for DPOs is expected to be especially high in data-rich industries, such as tech, Business Process Management, digital marketing, finance, healthcare, hospitality and retail, to name only a few.

In this context, allow me to reiterate what DPOs need to learn / know to comply with data privacy laws:

* Assess
  o Data Privacy, GDPR & Information Security
  o Data flow and inventory
  o Penetration testing
  o Vulnerability / Data leakage testing

* Protect
  o Establish relevant policies regarding data protection and Cybersecurity
  o Enforce Data Classification solutions
  o Data loss prevention
  o Encrypted storage devices
  o Information rights management

* Sustain
  o Data protection support programs
  o Onsite data protection audits
  o Data Privacy training and eLearning
  o Information security procedures training

* Respond
  o Response management training
  o Incident management and containment
  o Evidence gathering
  o Crisis communication
  o Review of policies and thresholds.

In conclusion, your business compliance management plans should allow you to easily audit your activities and messages to ensure compliance, and easily identify possible issues before the regulatory agencies do.

Whatever you do, don’t dismiss compliance. What may seem trivial to you in terms of a regulation can come back to bite you in the form of costly fines and lawsuits from employees or customers. And it can happen in ways you would never have anticipated.

I agree with you that compliance is a pain, and it is not just another cost of doing business. Remember: failure to comply with the data privacy rules and the cybersecurity requirements can result in hefty fines, and even jail time.

If you need assistance, let me know; we have teams in place that can help you. Email me at Schumacher@eitsc.com
