Cheatography
https://cheatography.com
DPP Cheat Sheet - Topic 5
This is a draft cheat sheet. It is a work in progress and is not finished yet.
Data Protection Management Programme
WHY |
Helps an organisation demonstrate accountability in data protection, which gives confidence to stakeholders and fosters higher-trust relationships with customers and business partners, supporting business competitiveness. |
WHAT |
1. Governance and Risk Assessment
2. Policies and Practices
3. Processes
4. Maintenance |
Governance and Risk Assessment
Role of Senior Management |
Responsible for the organisation's approach to handling personal data: provides leadership and guidance on data protection to the DPO(s). Senior management should understand the data protection risks and review how those risks affect the organisation. |
Role of Data Protection Officer (DPO) |
Ensuring that the organisation complies with the PDPA (Personal Data Protection Act) |
Culture of Accountability and Staff Training |
Protecting personal data is the responsibility of everyone in the organisation: generate awareness and foster a culture of personal data protection through staff training |
Risk Assessment |
Strategic - how the risk affects the strategic objectives of the company
Operational - how it affects operations
Compliance - how it affects the organisation's compliance with regulations
Financial - how it affects the financial processes of the company |
Policies and Practices
WHY |
To comply with the PDPA and set expectations for individuals about how their personal data is handled |
WHAT |
What personal data is collected? Why is it collected? How is it used and protected? Contact details for any questions or concerns. |
HOW |
Use plain language, FAQs, good UX design and easy access |
Data Privacy Practices |
- Identify personal data protection issues early
- Increase personal data protection awareness
- Comply with PDPA obligations |
Data Privacy Communication |
1. Notification
2. Consent
3. Policy Updates
4. Interaction with Users
5. Access, Correction and Complaint Handling |
Processes
Risk Identification and Mapping |
To identify and map risks relating to personal data, using:
• Data Inventory Map - catalogues personal data across its lifecycle: collection, use, disclosure, storage, disposal
• Data Flow Diagram - depicts the movement of that data through internal systems and across external transfers
• Risk Register - records the risks associated with the personal data and how it is used, with the likelihood and consequences of each risk occurring |
Risk Remediation and Controls |
To implement systems-based or process controls:
• Identify where personal data is stored
• Determine the level of security controls required
• Apply controls on the systems/infrastructure that store personal data
• Implement process controls to approve, review and manage access rights
• Build data protection measures into the software development lifecycle |
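The two process steps above (inventory map and flow diagram feeding a risk register, then controls applied where the register says they are missing) can be tied together in code. The following is an added example and not part of the cheat sheet or any PDPC guidance: the store names, data elements, sensitivity weights, the "1 + missing controls" likelihood scale and the three control checks are all constructed assumptions chosen to illustrate the method.

```python
"""Data inventory map + data flow diagram -> risk register -> remediation plan.
Added illustration; scoring scale, control checks and sample data are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DataStore:
    """One row of the data inventory map: where personal data sits and which controls apply."""
    name: str
    internal: bool              # False = held by an external party (disclosure/transfer)
    fields: frozenset           # personal data elements held
    encrypted_at_rest: bool
    access_reviewed: bool       # access rights approved and periodically reviewed
    retention_days: Optional[int]  # None = no disposal rule defined


@dataclass(frozen=True)
class Flow:
    """One edge of the data flow diagram."""
    source: str
    dest: str
    fields: frozenset
    purpose: str


# Constructed consequence weights per data element (1 low .. 3 high); unknown elements score 1.
SENSITIVITY = {"name": 1, "email": 1, "address": 2, "nric": 3, "health": 3}


def consequence(fields):
    """Consequence of exposure = the most sensitive element in the set."""
    return max(SENSITIVITY.get(f, 1) for f in fields)


def missing_controls(store):
    """Controls this method expects on every store that the inventory says are absent."""
    gaps = []
    if not store.encrypted_at_rest:
        gaps.append("encrypt personal data at rest")
    if not store.access_reviewed:
        gaps.append("approve and periodically review access rights")
    if store.retention_days is None:
        gaps.append("define retention period and disposal rule")
    return gaps


def likelihood(store):
    """1 with all controls in place, +1 per missing control, capped at 3 (constructed scale)."""
    return min(1 + len(missing_controls(store)), 3)


def build_register(stores, flows):
    """Return (risk register sorted by score, inventory gaps found while mapping flows)."""
    by_name = {s.name: s for s in stores}
    register, inventory_gaps = [], []
    for s in stores:
        l, c = likelihood(s), consequence(s.fields)
        register.append({"risk": f"exposure of personal data held in {s.name}",
                         "asset": s.name, "likelihood": l, "consequence": c,
                         "score": l * c, "controls_needed": missing_controls(s)})
    for f in flows:
        src, dst = by_name[f.source], by_name[f.dest]
        # A flow carrying elements the source never catalogued means the inventory is wrong.
        uncatalogued = f.fields - src.fields
        if uncatalogued:
            inventory_gaps.append(f"{f.source} -> {f.dest}: {sorted(uncatalogued)} not catalogued at source")
        # Every transfer to an external party is its own register entry.
        if not dst.internal:
            l, c = likelihood(dst), consequence(f.fields)
            register.append({"risk": f"external transfer {f.source} -> {f.dest} for {f.purpose}",
                             "asset": f.dest, "likelihood": l, "consequence": c,
                             "score": l * c, "controls_needed": missing_controls(dst)})
    register.sort(key=lambda r: r["score"], reverse=True)  # stable: ties keep inventory order
    return register, inventory_gaps


def remediation_plan(register):
    """Assets that still need controls, highest-scoring first, each listed once."""
    plan, seen = [], set()
    for r in register:
        if r["controls_needed"] and r["asset"] not in seen:
            seen.add(r["asset"])
            plan.append((r["asset"], r["controls_needed"]))
    return plan


# Constructed sample inventory and flows for a small HR + marketing setup.
STORES = [
    DataStore("crm", True, frozenset({"name", "email", "address"}), True, True, 730),
    DataStore("hr_db", True, frozenset({"name", "nric", "health"}), False, False, None),
    DataStore("payroll_vendor", False, frozenset({"name", "nric"}), True, False, 365),
    DataStore("mailing_svc", False, frozenset({"name", "email"}), True, True, 30),
]
FLOWS = [
    Flow("hr_db", "payroll_vendor", frozenset({"name", "nric"}), "monthly payroll"),
    Flow("crm", "mailing_svc", frozenset({"name", "email"}), "newsletter"),
    Flow("crm", "mailing_svc", frozenset({"name", "phone"}), "sms campaign"),  # phone never catalogued
]

if __name__ == "__main__":
    reg, gaps = build_register(STORES, FLOWS)
    for r in reg:
        print(f'{r["score"]:>2}  L{r["likelihood"]} x C{r["consequence"]}  {r["risk"]}')
    print("inventory gaps:", gaps)
    for asset, controls in remediation_plan(reg):
        print(asset, "->", "; ".join(controls))
```

Run stand-alone it ranks the unencrypted, unreviewed HR database (score 9) above the payroll transfer (6), flags that the SMS flow carries a phone number the CRM inventory never recorded, and emits the remediation list in the same priority order, which is the input to the Risk Reporting step. Keep the register entries for the external transfers even when they tie with the store's own entry: the consequence of a transfer is scored on the fields actually sent, not on everything the recipient holds.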
Risk Reporting |
Continuous monitoring of risks and regular reporting of them to senior management |
Breach Management |
1. Contain the breach
2. Assess the risk
3. Report the incident
4. Evaluate the response and recover, so that future breaches are prevented |