Freeman Cebu Business

Effective Data Privacy and Protection through Automation

INTEGRITY BEAT - Henry Schumacher - The Freeman

I have written many times about the need for companies to consider automation as a management tool for effective Data Privacy and Protection, because I am convinced that the journey to legal and operational compliance of organizations with the Data Privacy Act of the Philippines, as well as the General Data Protection Regulation of the EU, needs that support to effectively manage the process of governance, risks, and compliance.

Such a tool allows companies to immediately start a privacy management program across the organization and translate their privacy vision into operations, down to every employee in the company. It is a platform to protect organizations from privacy and data breaches, which carry heavy fines and jail terms that could well affect brand and company reputation.

The system I am familiar with follows the five (5) pillar framework of the National Privacy Commission (NPC). Allow me to highlight those pillars, what needs to be done, and what the system provides:

1. COMMIT TO COMPLY: GOVERNANCE STRUCTURE AND DPO

The first step to success is to set up a governance team and involve your stakeholders. Set up a governance structure and put your Data Privacy Protection Office in place.

2. KNOW YOUR RISK: INVENTORY, ASSESSMENT AND PIA

In looking at privacy across the organization, best practices use the Privacy Operations Cycle of Identify, Manage, Sustain, and Respond.

3. BE ACCOUNTABLE: PRIVACY MANAGEMENT PROGRAM (MANAGE)

Action Plans: The system generates action plans for any gaps found in your Compliance Assessment. You can assign responsibility and end dates, and use the system to remind responsible staff and close the gaps.

Risk Evaluation and Treatment: Identify and document risks with respect to potential data breaches and non-compliance with Data Privacy laws and internal data protection policies, using system-documented Risk Identification and Risk Treatment.

Policies, Guidelines and Measures: Prepare policies (such as an Internal Data Privacy Policy and an External Privacy Notice) and put Standard Operating Procedures (SOPs) in place to ensure that risks are addressed by implementing the right measures.

4. DEMONSTRATE COMPLIANCE: IMPLEMENT MEASURES (SUSTAIN)

Training and Communications Monitoring: Keep track of all communication and training related to Data Privacy.

e-Learning: Administer an e-learning module to help selected employees understand key Data Privacy principles and practices.

Competency Tests: Create, publish, assign and track tests to gauge the competency of staff in Data Privacy principles and practices.

Onsite Audits: Create new audit programs, enter audit observations, and track actions to address the audit observations.

Compliance Status Report: View the compliance status against regulations of entities/departments side by side.

Operations Dashboard: Look at the Action Plans and statuses across the organization through the frameworks of Assess-Protect-Sustain-Respond (APSR) and Collect-Use-Disclose-Store (CUDS). Update the status of Action Plans and view the changes in the Compliance Dashboard and Compliance Status Report.

Inventory Report: View the Data Inventory information for all entities/departments side by side.

Compliance Tracking: Distribute policies such as your Data Privacy Policy and Information Security Policy to relevant individuals by email or mobile device, and record their acceptance and the date/time of acceptance of the policies.

Records of Processing Activities: Maintain records of processing activities, whether you are a Controller, Joint Controller or Processor of personal data.

5. BE PREPARED FOR BREACHES (RESPOND): RESPONSE MANAGEMENT

Data Subject Requests: Manage data subject requests.

Breach/Incident Management: Manage incidents, document relevant breach/incident details, and set breach notification tasks.

In conclusion, allow me to summarize: automation for Data Protection Officers (DPOs) is a platform that delivers data protection as a service, enabling organizations to build trust with their customers and stakeholders.

It allows the DPO (every company is forced to have one under Philippine regulations) to:

• Achieve operational compliance with data protection laws

• Implement a Data Protection/Privacy Management Program

• Demonstrate accountability to regulators (more specifically, to the National Privacy Commission).

If you are interested in getting this kind of automation (DPOinBOX), let me know. My partners will be delighted to provide you with more detailed information. Contact me at [email protected]
