Asia Pacific: Deciphering Data Webinar Series - Effective and sustainable privacy compliance programs (Webinar)

Asia Pacific sessions

In brief

The fast-evolving global and regional data privacy landscape presents privacy counsels with the challenge of implementing and sustaining effective privacy compliance programs for their organisations. Our final session discussed the building of effective and sustainable privacy compliance frameworks, including the EU GDPR considerations.


Contents

Session 3: Effective and sustainable privacy compliance programs

The big picture – essential components of an effective and sustainable privacy compliance program

Cybersecurity and privacy compliance have become a major concern for companies in recent years. There are four key elements to consider to ensure that a company's privacy compliance program is both effective and sustainable: knowledge, organisation, process & procedures and balance. Companies can only comply with what they know, and keeping a close watch on the data protection landscape is key to maintaining an effective privacy compliance program. Such programs  also require an appropriate set of resources and structure that aligns with the business' priorities and organisation. While the days of one-size-fits-all policies are over, maintaining a standard set of procedures across the board remains essential. With increased globalization, digitalization and growing complexity of products and services, compliance can be difficult when laws are not easily translated into points of action. Companies must be aware of the fast-evolving global and local data protection landscape and be able to respond as appropriate. While the GDPR remains a good starting point in designing privacy compliance programs, it is by no means the only barometer for compliance with local privacy regimes is becoming more nuanced, particularly around the Asia Pacific region. Commercial and operational considerations are also key factors to take into account in the design of a privacy compliance program, with the company's objectives, stakeholders, structure and resources also playing a critical role in the program's design.

Where and how to start

A key starting point is identifying a person who will be responsible for the program's design and implementation, as well as ensuring cooperation across legal, technology, HR and commercial/marketing teams. Privacy should be built into the company's leadership structure, and seamlessly incorporated into the day-to-day running of a business as well as its culture of compliance. Privacy programs and policies are not one-size-fits-all models — the company type and activities naturally influences the amount and type of data which the company processes, with varying compliance requirements arising. Data mapping exercises are key in identifying the types of data that companies collect and process, and therefore what they need to manage from a privacy perspective. Technology such as centralization, anonymization and organisational software should also be leveraged to improve the efficacy of a privacy compliance program.

Access the session recording and other materials here.

Speakers: Yi Lin Seng (Mastercard), Florian Tannen, Paolo Sbuttoni and Sonia Ong

Related webinars

Global sessions

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 2 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World: Data Privacy Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World - Data Privacy Global Update - Session 2 (Webinar)

Europe sessions

Europe: Deciphering Data Webinar Series - Managing Workforce Data (Webinar)

Europe: Deciphering Data Webinar Series - When Data Goes Wrong - Enforcement and Litigation Trends Across Europe (Webinar)

Europe: Deciphering Data Webinar Series - Cookies and Online Advertising - Recent Trends in Europe (Webinar)

Europe: Deciphering Data Webinar Series - International Data Transfers - What’s Next? (Webinar)

Asia Pacific sessions

Asia Pacific: Deciphering Data Webinar Series - Spotlight on privacy developments (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Artificial Intelligence (AI) and privacy (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Effective and sustainable privacy compliance programs (Webinar)

Contact Information

Copyright © 2022 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.