Data Privacy Workshops: Embedding Data Privacy Awareness in Your Workforce
Data protection and privacy are buzzwords in the business world nowadays as legislators and regulators the world over are strengthening laws and policies to keep abreast of the increasing demand for upholding privacy rights of individuals amidst a highly digital society.
- Why is Data Privacy Important to Businesses?
- What are the 5 Benefits of having a DPO/DPS Registered Business?
- Why is Collaboration relevant in Data Protection?
- Data Privacy Awareness Training
- Data Processing Systems Inventory Workshop
- Annual Security Incident Reporting (ASIR) and Data Breach Reporting Workshop
- Privacy Impact Assessment (PIA) Workshop
The Importance of Data Privacy to Businesses
Responsible businesses would benefit from responding to the urgent needs of the times by acquainting themselves with the principle of Privacy by Design. This principle means considering how to promote personal data protection at every level of the organizational structure and in all processes that handle personal data, ideally beginning from system and process conceptualization and design and continuing through implementation and follow-through.
As such, data protection should not be regarded as mere paper compliance, but rather as a proactive display of a business organization's commitment to upholding the rights and freedoms of its data subjects.
5 Benefits of having a DPO/DPS Registered Business
In the Philippines, data privacy is a fundamental human right as mandated by Republic Act 10173 (Data Privacy Act of 2012) Section 2.
Complying with the DPA of 2012, its Implementing Rules and Regulations, and relevant public issuances of the National Privacy Commission can be perceived as daunting and highly resource-exhaustive by some businesses.
However, the NPC promotes 5 Benefits of having a DPO/DPS Registered Business. Consequently, internal employees must be proactively involved in the data protection efforts of the organization.
Let’s delve into each one:
- Compliance with the Data Privacy Act of 2012
Promoting data protection that would result in data privacy, and the latter being a fundamental human right, does not have to hamper the free flow of information. In fact, it should be able to help promote innovation and business growth, if organizations are able to embed data privacy practices and compliance into their internal operations properly.
- Strengthens Company Reputation
DPA compliance is a vibrant indication of an organization’s commitment to protect the personal data of individuals, be it their clients, internal employees, or third parties with whom they conduct business. Thus, it strengthens company reputation in this highly competitive and globalized business landscape.
- Facilitates Business Transactions
As the relevance and importance of data privacy compliance gain traction within the business community, both locally and globally, many business organizations will ensure that they only do business with other organizations that can clearly demonstrate a robust data governance framework and privacy management program. This means, in part, that such organizations have the internal resources to utilize cybersecurity measures and other security controls to protect their personal data processing, along with policies and processes that secure such data.
Some client organizations now require their third-party vendors and service providers to undergo data privacy related risk assessment audits and provide attestations as to their capacity to properly handle the clients’ personal data. This process normally takes place as part of a vendor vetting process, prior to engaging in an actual service agreement.
This leads us to the next benefit below.
- Enhances Consumers’ Trust
Consumers are becoming increasingly cognizant of their data privacy rights and thus highly expect, if not demand, that the businesses whose products or services they patronize display a high level of integrity and reliability in securing their sensitive personal data, to help ensure that no unauthorized disclosure of such data happens. Otherwise, when a data breach inadvertently takes place, consumers want to be assured that the business has the means to promptly and most effectively mitigate the possible adverse consequences that could potentially harm these data subjects, while complying with the NPC’s breach response management protocols.
- Promotes Compliance Check Preparedness
The NPC has been observed to enhance its conduct of random privacy sweeps and compliance checks among private businesses, as it deems fit. Privacy sweeps are performed by the said Regulator by reviewing publicly available company information such as that reflected on company websites, fliers, brochures or signages.
The Commission may also, at will, facilitate a compliance check upon a data subject’s filing of a complaint, after which the Regulator may subject the business to a document review or an onsite visit to prove that data privacy related processes, policies and practices are in place.
Fines, penalties and jail time are enforced by the Commission against businesses and their officers who fail to comply with the mandates of the Law.
The Data Protection Officer Need Not be a Lone Agent for Data Protection
DPA Compliance could not solely rest on the shoulders of the designated Data Protection Officer, nor does it stop upon DPO and Data Processing Systems Registration. Strong internal collaborations and efforts must be fostered in order to institutionalize DPA change management initiatives.
This is where internal employee capacity building comes into play. Rolling out internal periodic privacy awareness training may aid the DPO in not only DPA compliance, but also in building an organizational culture that supports organizational initiatives for data protection.
DPA capacity building will help organizations foster an internal appreciation of the significance of their ability to properly handle personal data, which could help lead to a more profitable bottom line, while assuring their valuable employees that they are a part of a highly sustainable and compliant business organization. Subsequently, DPA compliance could promote trust among the public.
Data Privacy Awareness Training
Learn the fundamental principles and concepts of data privacy to enable the organization to operationalize data protection initiatives. Promote a culture of data protection awareness and compliance where employees from different work units take an active role in safeguarding personal data.
These trainings are customizable to address the unique learning needs of a wide range of participants, from business leaders, managers, compliance professionals to your valued employees.
Data Processing Systems Inventory Workshop
The Data Processing Systems (DPS) Inventory Workshop is tailored for the Data Protection Officer (DPO), Process Owners, and other key internal stakeholders of the client organization.
This workshop aims to assist the client in identifying and meticulously documenting their active data processing systems. By participating in this workshop, the client team will be equipped with the essential knowledge and tools to ensure compliance with the requirements for DPO and DPS registration, updates and annual registration renewals mandated by the National Privacy Commission.
The Consultant shall provide the DPS Inventory Tool for this purpose. After the workshop, the client team will possess hands-on experience essential for their internal preparation of their Records of Processing Activities (ROPA), which is a Risk Assessment measure under NPC’s Data Privacy Accountability and Compliance Framework.
This proactive approach will enhance the client organization’s data governance framework, streamline their DPS inventory process, and fortify the organization’s commitment to data protection and privacy.
Annual Security Incident Reporting (ASIR) and Data Breach Reporting Workshop
Learn how to navigate the National Privacy Commission’s official platform for the management and reporting of personal data breaches and security incidents – the Data Breach Notification Management System (DBNMS).
Align the client company’s breach response management procedures with the regulations set forth by the NPC.
In this engagement, InCorp Philippines will provide the tool to monitor and report data breaches and security incidents, and provide the client’s internal team with hands-on experience to ensure breach notification and annual security incident reporting readiness.
Privacy Impact Assessment (PIA) Workshop
What is Privacy Impact Assessment?
PIA is a process undertaken and used to evaluate and manage impacts on privacy of a particular program, project, process, measure, system or technology product of a PIC or PIP.
It takes into account the nature of the personal data to be protected, the personal data flow, the risks to privacy and security posed by the processing, current data privacy best practices, the cost of security implementation, and, where applicable, the size of the organization, its resources, and the complexity of its operations. (Source: NPC Advisory)
This hands-on workshop will give participants the knowledge and tools to perform their organization’s PIA.
The conduct of a PIA is in keeping with the NPC’s Five Pillars of Compliance and will: (1) make the client company ready for compliance checks by the NPC in the event of a data subject complaint or data breach; and (2) enable the business to proactively identify potential risks involved in their personal data processing, while establishing mitigating measures to address such potential risks.