Uploaded by Klajdi Lazri

Privacy and Data Sensitivity

advertisement
Privacy and Data
Sensitivity
What are the roles and responsibilities we need to know ?
o Data Subject - an individual who is the subject of personal data
o Data Owner - "Masters of all"; responsible for classification of data
and hold legal rights and complete control over the data they create,
or is created by others on their behalf;
o Determine data's impact on the mission of the organization; Understand
the replacement cost of the information (if it can be replaced);
o Determine who has a need for the data and under what circumstances the
data should be released;
o Identify when data is inaccurate or no longer needed and should be
destroyed
o Data Controller - Determines the purpose(s) for which & the manner in
which data is to be processed
o Data Processor - "Managers of all" ; they process the data on behalf of
the Data Controller
o Adherence to appropriate and relevant data policy and data ownership
guidelines
o Ensuring accessibility to appropriate users, maintaining appropriate levels
of dataset security
o Dataset maintenance & documentation
o Assurance of quality and validation of any additions to a dataset, including
periodic audits to assure ongoing data integrity
o Data Custodians - responsible for the safe custody,
transport, storage of the data & implementation of
business rules
oAccess to the data is authorized and controlled
oData stewards are identified for each data set
oTechnical processes sustain data integrity
oProcesses exist for data quality issue resolution in
partnership with
Data Stewards
o Data Stewards - responsible for utilizing an organization's
data governance processes to ensure fitness of data elements both the content and metadata.
o Focus on processes, policies, guidelines & responsibilities for
administering organizations' entire data in compliance with
policy and/or regulatory obligations.
oTechnical controls to safeguard data
oChange management practices are applied in maintenance of
the
database/dataset
oData content & changes can be audited
o Data Protection Officer - mandatory role for all companies
that collect or process EU citizens’ personal data, under
Article 37 of GDPR.
o Responsible for educating the company and its employees
about compliance, training staff involved in data
processing, and conducting regular security audits.
o Also serve as the point of contact between the company and
any Supervisory Authorities (SAs) that oversee activities
related to data.
Download