Cipm Notes Giveaway

Uploaded by

siddharthtayal29

EXCLUSIVE TSAARO ACADEMY NOTES GIVEAWAY

academy.tsaaro.com
About Tsaaro Academy
"It’s not easy to build trust and manage risks at the same time"

Just getting a certification will neither minimise potential threats to
your business nor guarantee protection against them. Securing the system
from threats requires constant effort and maintenance.

We at Tsaaro Academy provide the right training, in line with
international market standards, to help data privacy professionals gain
the right skills to support their organisation with data privacy risks.

All rights reserved by Tsaaro Academy


INTRODUCTION TO PRIVACY PROGRAM MANAGEMENT

1. Introduction

Privacy Program Management: A process for meeting legal data protection
compliance requirements (privacy by design and by default) and the
expectations of customers by combining several disciplines into a
framework, reducing the overall risk of data breaches or incidents.

Privacy Program Management has become a necessity for businesses.
Businesses are more motivated than ever to comply with data protection
regulatory requirements, due to rising scrutiny by law enforcement
agencies and increased consumer awareness of data protection rights.
Implementing a privacy program helps an organisation build consumer
trust, reputation and brand name.

Skills for managing a privacy program can bring a lot of opportunities
for privacy professionals. In this chapter we will see the skills needed by a
privacy professional for Privacy Program Management.

2. Responsibilities of a Privacy Program Manager

The goals of the privacy program manager can be summed up in 4 major points:

1. Identify privacy obligations for the organization
2. Identify business, employee, and customer privacy risks
3. Identify existing documentation, policies and procedures
4. Create, revise and implement policies and procedures that effect
positive practices and together comprise a privacy program

Goals of a Privacy Program
1. Promote consumer trust
2. Improve the organisation’s reputation
3. Facilitate privacy program awareness (among employees, customers,
partners and service providers)
4. Respond effectively to privacy breaches
5. Monitor, maintain and improve the privacy program continuously

Responsibilities of a privacy program manager:

• Policies, procedure and governance
• Privacy-related awareness and training

Data Privacy Notes. academy.tsaaro.com



• Incident response
• Communications
• Privacy controls
• Privacy issues with existing products and services
• Privacy-related monitoring
• Privacy impact assessments
• Development of privacy staff
• Privacy-related investigations
• Privacy-related data committees
• Privacy by design in product development
• Privacy-related vendor management
• Privacy audits
• Privacy metrics
• Cross-border data transfers
• Preparation for legislative and regulatory change
• Privacy-related subscriptions
• Privacy-related travel
• Redress and consumer outreach
• Privacy-specific or -enhancing software
• Privacy-related web certification seals
• Cross-functional collaboration with legal, information technology (IT),
information security (sometimes referred to as IS or InfoSec), cybersecurity
and ethics teams, among others
• Reporting to chief privacy officer (CPO), data protection officer (DPO),
and/or data protection authority (DPA)

3. Concept of Accountability
Accountability is a principle that requires the organisation to demonstrate
compliance with the applicable data protection laws by establishing proper
policies and procedures and by maintaining documentation. This
documentation helps not only in demonstrating compliance but also in
handling personal data residing in and flowing across the organisation. The
principle requires organisations to take ownership of and secure personal
data throughout the data lifecycle. If the organisation has put policies in
place, it needs to follow them without any deviation. This way, the
organisation can be held accountable. It is the duty of privacy
professionals to demonstrate accountability by complying with all the
data protection requirements, documenting them efficiently and ensuring
compliance with the policies established.

4. Beyond Law and Compliance

Consumer Trust: Apart from the risk of hefty regulatory fines, consumer
trust is an important element for a business, especially B2C businesses.
Loss of consumer trust can have broad and severe repercussions, including
the ruin of the business. Many organisations take their privacy programs
very seriously in order to maintain consumer trust. Privacy compliance is
equally important for B2B businesses, as it promotes trust with partners,
employees, contractors and consumers.

Brand Name: A data breach can badly affect the brand name of a business.
To keep the brand name safe, it is good to have a privacy program in place.

These can be achieved by:
• Meeting the regulatory requirements
• Reducing the risk of data breach
• Meeting client expectations

5. Why Does an Organisation Need a Privacy Program?


The need for a privacy program may include:
• Enhance the company’s brand and public trust
• Meet regulatory compliance obligations
• Enable global operations and entry into new markets
• Reduce the risk of data breach
• Increase revenues from cross-selling and direct marketing
• Comply with the GDPR
• Provide a competitive differentiator
• Increase value and quality of data
• Reduce risk of employee and consumer lawsuits
• Be a good corporate citizen
• Meet expectations of business clients
• Meet consumer expectations/enhance trust


6. Privacy Across the Organisation


Management of the privacy program is not only the task of a privacy
manager; rather, it involves team representatives from across the
organisation. The functional groups can play a crucial role in the
implementation of privacy by design in an organisation. Some of the teams
which can help the privacy program are as follows:

1. Learning and development group: This group manages employee
training. It can help develop data protection awareness amongst
employees.
2. Communications group: This group can contribute by creating email
communications, intranet content, posters etc. to reinforce privacy
practices.
3. Information security group: Information Security and Data
Protection complement each other. Achieving data protection without
InfoSec tools is impossible. The InfoSec group ensures that appropriate
technical controls (encryption, pseudonymization, disposal of data etc.)
have been deployed.
4. IT group: It enhances and supports the privacy program by adding
processes and controls that support data protection regulatory
requirements.
5. Internal audit group: This group continuously assesses the
implementation of the deployed policies and procedures. It keeps a close
check on whether employees and other stakeholders are abiding by the
policies and procedures.
6. Procurement: Procurement team ensures that contract and other relevant
documentation with third party providers (who process personal data on
behalf of the company). The procurement team conducts vendor profiling
(with respect to data management and security of the personal data)
and further binds the vendors through contracts to comply with data
protection principles and regulatory requirements.

Some of the other departments that can contribute to privacy are:

i. HR
ii. Ethics
iii. Marketing
iv. Business Development
v. Finance
vi. Legal
vii. Security
viii. Risk
ix. Governance
x. Research and development


7. Awareness, Alignment and Involvement


Management of the privacy program is not only the task of a privacy
manager; rather, it involves team representatives from across the
organisation. The functional groups can play a crucial role in the
implementation of privacy by design in an organisation. Some of the teams
which can help the privacy program are as follows:



KICK START YOUR CAREER
Enquire for training at Tsaaro Academy
+91 93353 36454
