Wondering why so many organisations suffer data privacy breaches even though they are DPTM certified? Worse, some of them are even ISO/IEC 27001 and ISO/IEC 27701 certified.
Compliance with data privacy laws and regulations such as the Singapore Personal Data Protection Act (PDPA) and the European General Data Protection Regulation (GDPR) is no longer just a legal subject. With the proliferation of information technology, it goes beyond a legal issue and requires in-depth technical expertise to recalibrate the organisation's operational processes and operational data flows, supported by the right technology.
Collecting and retaining personal data is inevitable for every organisation, from sales and marketing and human resource management to security management activities. For organisations whose business operations revolve around personal data (e.g. social media, accounting, banking, healthcare informatics), protecting customer personal information is an absolute mandate. All personal data collected must be collected with consent, protected, distributed in a controlled manner and destroyed appropriately. Any leakage or misuse of personal data will result in severe legal consequences.
With the Maximus Data Privacy Framework in place, organisations can expect the following benefits:
Consolidation of personal data sources to streamline implementation cost.
Adoption of a holistic privacy-by-design principle for system implementation.
Limitation of the entry points through which personal data is disseminated, so that it is shared in a controlled manner.
Maximus commences the programme by building an understanding of the organisation's business in order to develop a personal information inventory. A gap analysis is then conducted from both management and technical perspectives to identify current deficiencies in data privacy and protection.
Based on the gap analysis outcome, Maximus recommends the processes needed for legal compliance (e.g. a personal data request and extraction process), the privacy-related policies and processes to be established, the technology to implement to help prevent personal data leakage, and awareness training for personal data protection. The organisation is expected to adopt these recommendations to meet its compliance requirements.
Maximus then conducts regular data privacy compliance audits covering both management and technical areas to ensure that the organisation observes the data privacy requirements set forth by legislators.
Our Solutions
Baseline Security Assessment
(Tiered Cybersecurity Standards for Enterprises)
Data Privacy Impact Assessment
Privacy-by-Design Advisory
Data Privacy Risk Management
(Tiered Cybersecurity Standards for Enterprises)
Process Engineering
(DPTM, Information Security & Cybersecurity Processes and Data Breach Plan)
Governance Engineering
(DPTM Policies, Information Security/Cybersecurity Policies)
Data Breach Exercise
Performance Monitoring & Review
If you want to learn more about how we assist organisations in operationalising and managing multiple risk disciplines while keeping a fine balance that reduces audit fatigue, feel free to contact us.