Data privacy and the rights of individuals matter now!
For business this is a company wide challenge involving governance through to structured process, procedures and controls at every level of operations.
Compliance requires the establishment of a corporate wide culture. Your organisation must implement appropriate and proportionate technical and organisational measures to protect personally identifiable data.
The benefits of achieving the highest standards in data privacy include:
There are however obligations to be met.
Subjects have much greater control of the personal data that organisations collect and process or manage the processing of. Privacy notices must be issued. Processing principles apply. There must be a lawful basis for the use of any personal data. Withdrawal of consent must be as easy as it was to give. Data subjects have rights including access, rectification, erasure and restriction. Responses to Subject Access Requests must be delivered in a timely fashion. In the event of a breech, should there be a risk to data subject's rights and freedoms, there are reporting requirements.
Failing to comply opens organisations up to significant penalties.
Appropriate policies, procedures and controls are derived from a clear understanding of data in use, held at rest or in transit. Organisational and technical measures introduced to protect personal data and ensure cyber security can then be proportional in accordance with the nature, scale and complexity of business operations.
Data Privacy legislation that CSS.bm products and services support include:
PIPA - Bermuda Personal Information Privacy Act 2016.
DPA - UK Data Protection Act 2018.
GDPR - UK / European General Data Protection Regulations.
CCPA - USA California Consumer Privacy Act 2018