[ad_1]
This allowed them to support about 50 million Facebook user accounts.
The result of this violation is a potential US $ 1.63 billion fine from the European Union under the last privacy law, provided that the Data Protection Commission (DPC) ) in Ireland determines the number of users in the EU affected.
Since the entry into force of the General Data Protection Regulation (GDPR), Facebook's security breach will be a case study for many organizations and legislators around the world. Priorities and policy decisions will be considered for future reference and best practice.
Privacy laws are becoming a central theme around the world. With the recent violation of Facebook and the borderless nature of the digital world, any organization with websites or apps that allow a connection to Facebook must determine the potential risks of Facebook breaching by its customers and the strength of its own data and confidentiality. policies.
In Southeast Asia, the total population of the 10 Asean member countries stands at 634 million with a combined GDP of 2.55 billion US dollars reported in 2016. It is the sixth largest economy in the world with a total trade of 3.7 billion US dollars. The projected annual growth of 5% indicates that it will become the fourth largest economy by 2030. The population of Internet users and mobile devices, who knows the most Strong growth will grow the fastest, with online spending expected to reach $ 200 billion by 2025. This growth makes it a prime target for hackers.
Thailand has a multi-year plan to develop digital capabilities in all sectors of the economy and is expected to pass a data protection law this year once the bill has been approved by Cabinet and submitted to the government. National Legislative Assembly.
The law is aligned with the EU's GDPR, which means that most organizations that have taken steps to comply with the GDPR that came into effect on May 25 will either comply or have no difficulty comply with the Thai Data Protection Act to protect the data of their citizens.
What if you do not have to comply with the EU GDPR? How should your organization prepare for the next data protection law or even prepare for the potential impact of the Facebook violation?
To begin, you need to know if you know the answers to the following questions:
1. Where is your business active today?
2. What data does your company collect?
3. Where do your data reside?
4. Where do your customers live?
5. What are the data protection and privacy regulations in the above-mentioned countries?
6. What is your company's roadmap in the next five years?
The questions above will help your organization determine your next steps:
1. Scope of the assessment of data privacy for your organization – to determine your risk levels and existing controls;
2. implement classification and labeling of data, and;
3. Implement a data protection and classification solution
The steps above ensure compliance with the key principles of the GDPR or any robust data protection and privacy program. These principles are:
1. New data rights – especially data portability
The RGPD gives each person the right to access his / her personal data upon request, request rectification of inaccurate data and oppose the processing of his / her data, etc.
In this case, your company must be able to provide your client with a copy of all
the personal data you have about them; and the ability to transfer this data to another data controller or service provider at their request.
This may result in increased competition as privileged services will have the benefit of retaining customer data. As a result, businesses need to rethink their business strategy, from customer experience to value-for-service, and adopt a customer-centric approach to compliance.
2. Keep records of treatment activities
A complete overview of the processing activities that take place in an organization is necessary and you should also document these activities accordingly. The breadth and depth of this requirement requires a proactive and collaborative approach on the part of organizations. To be successful, business units must be involved in designing a process with clearly defined roles and responsibilities, as well as in a central registry of records. The resulting additional benefits can be streamlined processes, better risk management, and deeper knowledge of activities / operations.
3. Privacy by design and default
Confidentiality right from the design requires to consider confidentiality during the development process of any product or service. While the default privacy requires that privacy be a default setting that allows the customer to customize the amount to share with others.
This requirement is good practice to ensure that customers' privacy is always protected, thereby restoring trust between customers and businesses.
Parichart Jiravachara is a partner and risk advisor at Deloitte Thailand.
Source link
