Data Protection Day, which falls on 28 January every year, is an annual reminder of the importance of ensuring that personal data is properly handled and safeguarded. It is also an excellent opportunity to raise awareness, among organisations and consumers alike, of the protection of personal data and ongoing compliance obligations.
Interest in data protection matters has increased in recent years. Market disruptions, emerging technologies and more complex trade flows have all contributed to putting data protection at the front and centre of an organisation’s compliance programme. Public awareness is, likewise, growing and is putting pressure on organisations to review their procedures and practices to avoid any reputational risk.
To mark the occasion, PwC Malta has put together 5 principles that C-Suite executives can consider for the foundation of a comprehensive data protection programme:
As with any compliance programme, senior management buy-in is essential for effective collaboration and communication. Appointing a Data Protection Officer (DPO) and/or identifying privacy champions within the organisation can ensure that data protection is put on the agenda, because these are persons who will advocate for the programme.
Organisations should be aware of how and why they are processing personal data. Through data mapping, organisations can also locate the data, identify whether it is sensitive, ensure that adequate security measures are in place and determine whether any gaps in compliance are present.
Individuals are guaranteed a number of rights under data protection laws. Accordingly, organisations should ensure that robust mechanisms such as rights request policies and privacy notices are in place to respect the rights of individuals.
Data breaches that are not dealt with properly can attract fines amounting to millions of Euro. The DPO and/or the privacy champions should have a clear process in place to respond to data breaches within the prescribed time frame.
Employees who are properly trained in data protection are more likely to identify privacy risks and breaches. An awareness programme is key to any organisation’s privacy framework as employees handle a large amount of data on a daily basis.