Taking Action in Data Protection
Investments in authentication and encryption set to rise in 2018
Philippines’ Data Privacy Act (DPA) is a law that aims to protect individual personal information both in government and private sector. The implementing rules and regulation (IRR) was promulgated in August 2016. Individuals and organizations which fail to comply may be fined up to Php 7 million fine and/or imprisonment, and may suffer reputational damage.
Data privacy encompasses the rights of individuals and obligations of organizations with respect to the collection, storage, use, disclosure, retention, and disposal of personal data i.e. across the data life cycle.
Privacy is one of the foundation of trust in any industry. PwC Risk Assurance - Data Protection & Privacy Services assists client to build trust by helping in proactively addressing privacy. We can help the client to better understand the data privacy within their organization and how it fits within their overall business strategy.
Client may not be aware of the personal data collected and the purposes for which it is being used. Therefore they are unable to maximize the use of all personal data. Some personal data is distributed across the organization, often sitting within numerous business process and technologies, and as a consequence there are significant challenges in cost and managing of these data. PwC Risk Assurance - Data Protection & Privacy Services provide recommendation to better manage personal data including development of policies and procedures.
With the implementation of local and global Privacy laws, organizations are mandated to comply with the requirements over processing of personal data. With PwC Risk Assurance - Data Protection & Privacy Services understanding of the law and involvement on different data privacy implementation projects, we can assist the client on their data privacy journey.
PwC Risk Assurance - Data Protection & Privacy Services can help identify the internal and external threats to the security over personal data and and recommend appropriate controls to ensure compliance with relevant regulation and standards. In addition, we can help the client determine if they are well prepared to respond to a breach and test their data security capability.
The impact is not just on legal, compliance, or cyber security but also how companies take business decisions, leverage information, and deal with third parties when it concerns personal data. A problem this complex requires multifaceted and holistic approach with involvement of business, legal, technology, and IT security leadership.
PwC’s unique cross competency privacy team of risk and assurance specialists, cyber security experts, and lawyers help organizations understand their data privacy obligations, navigate the underlying technology, demonstrate accountability and build trust with customers, employees and third parties.
Develop relevant requirements based on the Five Pillars of Data Privacy Accountability and Compliance set by National Privacy Commission (NPC).
Assist in the conduct of the Data Protection Office (DPO) functions and activities to implement data privacy measures.
Perform privacy assessment depending on the client’s need to review the design and effectiveness of the implemented data privacy measures based on the requirements of the law and other applicable standards.