Oct 22, 2015 22:20 JST

Source: marcus evans Summits

How to Design a Solid Privacy and Data Protection Programme

LONDON, Oct 22, 2015 - (ACN Newswire) - Joao Torres Barreiro, Associate VP & Chief Data Protection Officer of HCL Technologies, and a keynote speaker at the marcus evans European Corporate Counsel Summit 2015 taking place at Cascais, Portugal, 23 - 24 November, discusses what organisations need to consider when designing a privacy and data protection programme.

- What do organisations need to know about the changes the EU General Data Protection Regulation will bring?

This regulation will change the power dynamics between companies, data protection authorities and data subjects, which are the customers. It will also radically transform the way organisations process personal data and use this data to do their business. 'Privacy by design' and 'privacy by default' will become the standard.

Instead of looking at those changes as a challenge, I prefer to face them as an opportunity. For example until now, companies had to deal with twenty-eight European data protection laws. In the future, they will only deal with one data protection law in the European Union. We cannot dismiss what this data protection reform will do for economic growth. In one of the European Commission's press releases it was stated that the benefit of having one data protection law in the EU, instead of an inconsistent patchwork of twenty-eight national laws, is estimated at 2.3 billion Euros per year. Also, strengthening Europe's standards of data protection can be a business opportunity.

- What are the key elements for designing a privacy and data protection programme?

The key and most important element for designing a successful privacy and data protection programme is to first define the scope of the program. To do that, companies need to identify what legal and regulatory data protection requirements are applicable to their organisation. This is particularly difficult for multinational companies, since they are present in different geographies across the globe and need to take into consideration multiple data protection laws. As well, multinational organisations need to consider that different countries may have different views on the concept of privacy. For instance, the way an American perceives privacy is completely different from the way a European does.

Companies should develop a global privacy strategy that speaks to all markets. They can only do this by adopting a holistic approach with very high privacy standards that should be customised only when strictly required.

- Why do all departments need to be engaged when designing a programme?

There are many functions that do not have a seat on the privacy office but are necessary to implement a privacy and data protection program. For example, how can the privacy office draft a procedure that defines how personal data of employees is processed without the involvement of the human resources department? Or how can the privacy office implement procedures that address data protection breaches without the participation of the chief information security officer and the cyber security officer?

Also, by engaging several departments within an organisation, you ensure a buy-in and a sense of ownership concerning privacy.

- What advice do you have for organisations that process personal data?

The first step is to map the risks associated with the company data processing activities. Only by doing that, companies can adequately design and prioritise the privacy deliverables that should be implemented first. Otherwise, they will have a privacy program that is not going to solve the daily privacy problems of the organisation. Just like in any compliance program, to build a successful privacy program, companies must first know what their real weaknesses are.

About the European Corporate Counsel Summit 2015

The European Corporate Counsel Summit is the premium forum bringing together leading in-house counsel with specialist international law firms and legal services providers. As an invitation-only event taking place behind closed doors, the summit offers Global/European GCs an intimate environment for a focused discussion of key new drivers shaping the legal profession. The Summit will take place at the Grande Real Villa Italia, Cascais, Portugal, 23 - 24 November, 2015.

For more information please send an email to press@marcusevanscy.com or visit the event website at www.eccsummit.com/JoaoTorresBarreiroInterview

marcus evans group - legal sector portal -
www.marcusevans.com/reviews/legal

The Legal Network - marcus evans Summits group delivers peer-to-peer information on strategic matters, professional trends and breakthrough innovations.

- LinkedIn: www.linkedin.com/groups?mostPopular=&gid=3676301&trk=myg_ugrp_ovr
- YouTube: www.youtube.com/MarcusEvansLegal
- Twitter: www.twitter.com/meSummitsLegal
- SlideShare: www.slideshare.net/MarcusEvansLegal

Please note that the Summit is a closed business event and the number of participants strictly limited.

Contact:
Luzdary Hammad
Press Manager, marcus evans, Summits Division
Tel: +357 22 849 385
Email: press@marcusevanscy.com
Source: marcus evans Summits
Sectors: Daily Finance, Daily News

Copyright ©2024 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.


Latest Release

More Latest Release >>