Data protection is hard to do. Security, privacy and data protection functions must work closely together to avoid failure.
The required skillsets for effective data protection are multiple. Deep information security experience, coupled with privacy knowledge and data expertise must align. Data regulations must be known and complied with.
Data protection is not a principle specialism of most companies. By outsourcing this work to Data Protectors, you can focus on building your business while we:
Privacy regulations are being created and enforced globally. Safe Harbor, relied on by US companies to protect Europe-derived personal data, has been replaced by Privacy Shield, which in turn will be replaced by EU GDPR in May 2018.
In-depth knowledge of myriad privacy regulations is useless unless closely coupled with strong data security knowledge and best practices: this is our key strength.
Singapore enacted the Personal Data Protection Act (PDPA) in 2012. The PDPA is designed to govern the collection, use and disclosure of personal data in Singapore by any private organization, including those that are not physically located in Singapore. All organizations that collect, use or disclose personal data in Singapore must comply with the PDPA, regardless of their place of incorporation.
The US Federal Trade Commission (FTC) has been aggressively pursuing US companies that are anticompetitive, unfair or deceptive to consumers. FTC enforcements result in major monetary penalties, brand damage and senior management distractions.
The FTC's recommended approach involves:
1. Start with security first (compliance later)
2. Control access to data sensibly
3. Require secure authentication
4. Segment your network appropriately
The DPO must advise on the implications of data protection laws. The DPO must know the customer's data collection and protection practices and business requirements in order to advise on the best course of action.
Policies formally guide sensitive data usage by the company and its agents. Practices reflect actual data usage and access. Controls must be developed and implemented to ensure alignment between policies and practices.
The DPO is an intermediary between the company and supervisory authorities. According to the GDPR, the DPO has to report directly “to the highest management level” of the company and his contact details have to be communicated to the supervisory authority.
The DPO must be available for inquiries from data subjects on issues relating to data protection practices, access to records, withdrawal of consent, the right to be forgotten, and related rights.
The DPO must serve as a mini-regulator ensuring the practices of the enterprise comply with regulations and taking corrective actions when an issue is found.
The DPO must train staff on privacy requirements. Competent DPOs negotiate workable practices and procedures with operations staff.
The DPO must conduct an audit of the data processing carried out by the company. For each processing activity, the DPO has to identify the scope and purpose, the origin and sensitivity of the data, estimate the number of persons concerned, and determine whether data is transferred outside the EU.
The EU GDPR requires the DPO to be independent of the hiring company, to be resourced appropriately and to act ethically. As a result, the DPO commonly reports to the CEO and/or the board.
Data Protectors offers a number of services to solve your privacy and regulatory needs.
We are globally distributed and technically competent.
Compiled global data compliance requirements and built a legal and engineering strategy for compliance with these standards for the world's largest ride-share company.
Led Information Security and Privacy globally for the world's largest security company. Implemented information security and data protection policies. Interacted regularly with regulators.
Led Privacy globally for a top Internet Registrar. Assisted with EU GDPR preparation.
Designed and implemented Information Security and data protection policies for corporate and cloud business units, for a recognized leader in Agile and DevOps.
Assessed risk and implemented appropriate policies for global data protection for a top 3 online travel booking platform.
Assisted an anti-fraud team to rapidly comply with recent case law and regulations. Designed and implemented a third-party risk assessment program.