Monday 9 October 2017

GDPR Summit London 2017

I attended GDPR Summit 2017 in London today. I am intrigued by GDPR because it gives power and rights to ordinary citizens, and many countries are following the same approach. As one of the speakers put it, IT has led the transformation and evolution of societies; however, it now has to be balanced, or normalised, with other aspects of life. GDPR is primarily meant for the good of the citizen and of society. Its purpose is to make sure that companies use personal information only with the consent of the individual, who may be an employee (current, past, or a candidate they might have interviewed), a supplier or a customer. The individual has the right to withdraw that consent as and when required, and their data would then be deleted from the company's systems.

The deterrent for GDPR non-compliance is not just the 4% or 20 million euro fine, but also the fact that companies can be barred by the regulator from processing data, temporarily or even permanently. The positive side is that data ethics can become a competitive advantage.


The stakeholders in an organisation's GDPR implementation are Legal, Human Resources, Information Technology and Marketing. The DPIA (Data privacy impact assessment) under Article 35 of GDPR is another aspect, and identifying high-risk processing activity under Article 35(7)(a) is an important factor. Employee consultation and customer surveys are recommended. In the case of cloud computing, the responsibility would still lie with the controller. Articles to consider in addition to Article 30 include Article 7, Articles 15-19, Article 20, Article 32 and Articles 44-46.


The Data Privacy Officer is a mandatory position for all companies, and the privacy officer and the Data Privacy Officer are two different roles. The Data Privacy Officer can also be a part-time role. Another aspect was the right to be forgotten, and the fact that an ERP system does not delete data but red-flags it: the data no longer appears in the system but still resides in it. Hence analysis and tokenisation of data are recommended. With tokenisation, audit trail and login function matching should be conducted, analysed and blocked.

Another aspect of data privacy that came up was application security and IoT (the Internet of Things). While application security primarily covered threats such as session hijacking and phishing, IoT devices can also become a route for infiltrating the network and accessing the data. Hence application-level and IoT security are an important aspect. Security monitoring is another key function of data privacy, and cloud is another area where the need for security was emphasised. Ben Westwood, Data Protection Officer of eBay, explained the complexity involved in data privacy management for an eCommerce company.


Marketing is another function impacted by GDPR: email campaigns, cookie tracking and search engine optimisation can no longer be conducted without the consent of the customer, and the customer consent form should be simplified so that an ordinary computer or smartphone user can understand it. It was also acknowledged that personal data of non-corporate users makes up almost 80% of the data processed by companies under GDPR, while 20% is employee data, and hence solutions need to be planned and designed on that basis.


It was acknowledged that, apart from Europe, countries like India, Singapore and Hong Kong have also adopted data privacy regulation. Countries like South Africa have their own data privacy law, POPI.

The adoption of IT has penetrated every individual's life to a large extent; in fact, it has changed the way we live our lives and conduct our business. This has evolved rapidly in the past 15 to 20 years and needs some form of governance, hence the idea of bringing principles and ethics into the equation. The intent behind GDPR is in the right place, and companies will need to live with this new reality and comply. However, overseeing GDPR regulation will require highly intelligent individuals with high integrity and conviction, as there is the possibility of alternative narratives being presented, and they will have to distinguish between a narrative in the interest of people and society and one driven by vested interests.
