Session 3: Effective and sustainable privacy compliance programs
The big picture – essential components of an effective and sustainable privacy compliance program
Cybersecurity and privacy compliance have become a major concern for companies in recent years. There are four key elements to consider to ensure that a company's privacy compliance program is both effective and sustainable: knowledge, organisation, process & procedures and balance. Companies can only comply with what they know, and keeping a close watch on the data protection landscape is key to maintaining an effective privacy compliance program. Such programs also require an appropriate set of resources and a structure that aligns with the business' priorities and organisation. While the days of one-size-fits-all policies are over, maintaining a standard set of procedures across the board remains essential. With increased globalization, digitalization and growing complexity of products and services, compliance can be difficult when laws are not easily translated into points of action. Companies must be aware of the fast-evolving global and local data protection landscape and be able to respond as appropriate. While the GDPR remains a good starting point in designing privacy compliance programs, it is by no means the only barometer, as compliance with local privacy regimes is becoming more nuanced, particularly around the Asia Pacific region. Commercial and operational considerations are also key factors to take into account in the design of a privacy compliance program, with the company's objectives, stakeholders, structure and resources also playing a critical role in the program's design.
Where and how to start
A key starting point is identifying a person who will be responsible for the program's design and implementation, as well as ensuring cooperation across legal, technology, HR and commercial/marketing teams. Privacy should be built into the company's leadership structure, and seamlessly incorporated into the day-to-day running of a business as well as its culture of compliance. Privacy programs and policies are not one-size-fits-all models: the company type and activities naturally influence the amount and type of data which the company processes, with varying compliance requirements arising. Data mapping exercises are key in identifying the types of data that companies collect and process, and therefore what they need to manage from a privacy perspective. Technology such as centralization, anonymization and organisational software should also be leveraged to improve the efficacy of a privacy compliance program.
Speakers: Yi Lin Seng (Mastercard), Florian Tannen, Paolo Sbuttoni and Sonia Ong