Uploaded by Jannica Nebran Francisco

DPA-notes

DPA notes
Two types of people that deal with personal data
-Data subjects- those who give their data
-Data handlers- those who manage and process data provided directly or
indirectly by data subjects
As a data handler, it's your responsibility to
-ensure that your data subject's personal and sensitive information
is used and kept for the right purposes
The fundamental rule of being a GOOD DATA HANDLER is
UNDERSTANDING CONFIDENTIALITY, which means avoiding becoming a
leaker: someone who discloses the individual's personal data,
intentionally or unintentionally, for the wrong reasons.
HOW CAN WE HANDLE DATA PROPERLY
The cycle starts with the collection of personal data.
This must be accessible and understood clearly through plain language.
One example practice of this is giving PRIVACY NOTICES
Another is consent.
This points to something very important: the right to be informed
DATA SUBJECT MUST BE INFORMED OF THE FOLLOWING:
Collection of Personal Data → Storage of Personal Data
TSM examples:
-digital storage
-file backups approving online access
-network security and passwords
-use of authorized devices and
-encryption
Collection → Storing → Access → Sharing and Disclosing
ACCESSIBLE
- The data subject has the right to gain reasonable access to his
personal data
-Access to data should be user friendly and easy to do.
DS has the right to block and erase personal data depending on the
following situations:
CHANGING ERRORS
RIGHTS TO DATA PORTABILITY
Allows DS to easily obtain, move, copy, transfer and reuse data across
different IT environments and services.
XXX- negligence, unauthorized access and intentional breach
UNAUTHORIZED PROCESS FINES
Collection → Storing → Access → Sharing and Disclosing
TSM AND PSM in sharing and disclosing examples:
-transmittal forms
-sealed envelopes/boxes
-direct inquiries if properly received
DESIGNATED GROUPS
Example: The Head of HR is the internal PIC
A PIP is a third party who processes payroll on behalf of the company
RETENTION