Click on the blocks available below to check out our privacy programs based on your requirements and jurisdiction.
GDPR, since its enactment in the year 2018, has been a benchmark for privacy compliance and is considered the gold standard for protecting data and enhancing privacy. The regulation contains provisions and requirements, based on certain principles, for processing the personal data of individuals who are located in the EEA. It applies to organizations located in the EU and to other organizations whose business extends to data subjects of the EU region, regardless of the business location. Thus a business in India would also be required to incorporate measures for data protection in India. The provisions of GDPR mandate compliance with its data privacy and processing principles and require organizations to ensure that their data collection and handling practices conform to the enshrined legal bases and data subject rights. The focus of our GDPR consultancy services, as a part of our data protection services, is delivering GDPR compliance solutions which are flexible and practical and which ensure business continuity.
Data protection practices in the three territorially largest countries of North America are regulated by specific legislation in their respective jurisdictions. Certain states of the U.S. have enacted dedicated data protection laws that regulate and protect the data of their citizens, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Connecticut Data Breach Law (CDBL), and Oklahoma Computer Data Privacy Act of 2022. Canada is governed by the country’s federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), which is a dedicated law for regulating privacy practices in the private sector. The Canadian provinces of Alberta, British Columbia, and Quebec have also passed similar legislation. Similarly, Mexico has dedicated federal legislation for data protection, called ‘The Federal Law on Protection of Personal Data held by Private Parties’, which regulates the data protection practices of the country’s private sector.
The countries of Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain, and Oman form the consortium of the Gulf Cooperation Committee. While some of these countries do not have a dedicated data protection law, different sectoral regulations provide compliance guidelines in the region. The legislation requires a standard code of measures and security implementations for stringent protection of personal data, generating a need for data protection services.
The Personal Data Protection Bill (PDPB) is due to be enacted in India soon and will create an infrastructure for data protection in India. The bill lists compliance requirements, obligations and responsibilities for organisations to ensure protection of personal data. It sets out provisions to regulate the processing of personal data within Indian territory, by entities incorporated under Indian law, and by entities located outside Indian territory but with some tangible business connection with India, thus enhancing data protection in India. The bill is gaining tremendous importance, and the introduction of the law will enhance compliance and measures for data protection in India. It is imperative for businesses to start aligning their privacy programs with the Indian data protection regime, and our data privacy services ensure just that.
Singapore passed its Personal Data Protection Act 2012, under which both Singaporean organisations and organisations outside Singapore engaged in data use, collection, or disclosure within Singapore have to comply with the Singapore PDPA. Malaysia’s Personal Data Protection Act, 2010, has many similarities with the European Data Protection Directive. Similar to Malaysia’s PDP, the Philippines’ Data Privacy Act, 2012, is influenced by the European Data Protection Directive. Recently, in its 2021 amendment, it is set to define biometric and genetic data. Thailand is set to have its Personal Data Protection Act 2019 enforced from June 1, 2022. In Vietnam, the Ministry of Public Service released a draft of its Personal Data Protection Bill in February 2021, which has not been finalised yet but is anticipated to take effect from 2022 to 2023.
A global privacy program is a business necessity for large and multinational organizations with business concerns across jurisdictions. With privacy legislation and regulations mushrooming all over the world, such organizations are required to adopt a global privacy program which ensures that their fragmented privacy programs are aligned with global privacy norms and mandates and which supports compliance with multiple privacy regulations. Thus, any major entity operating physically and virtually across multiple borders and engaging with citizens of different countries has a higher mandate to devise its privacy policies so as to ensure seamless compliance with a multitude of privacy laws. Our data protection services entail offering a customized program for an organisation, which may be a multi-faceted project that includes a centralized policy, the establishment of a dedicated privacy officer, risk assessment and compliance regulation. As a part of our data privacy services, our global privacy program is fit for organizations looking to put in place a privacy strategy that ensures global compliance and business value.
As a risk assessment exercise, a Data Protection Impact Assessment is essential for an organization to judge its controls and procedures for the protection and processing of data, and it thus forms an integral part of our data protection services. The assessment takes the shape of flexible processes aimed at systematically recognizing, analyzing and managing the risk potential of any data processing operation. This effectively allows an organisation to assess the kinds and levels of risk posed by a proposed plan or processing operation. It helps to save the organization from potential security incidents and compliance lapses that may expose it to fines and penalties. As a part of our data privacy services, we offer customized and concurrent Data Protection Impact Assessments in order to evaluate the gaps in the company's data handling measures and practices and help it achieve seamless business growth without worrying about data privacy oversights.
A Data Protection Officer (DPO) is a position within an organisation that acts as an independent advocate for the proper care and use of personal information. Under the General Data Protection Regulation (GDPR), all businesses that hold any form of personal information on any individual within the European Union may need to legally appoint a data protection officer. A company may appoint a single DPO to act for a group of companies or public authorities. If a DPO covers several organizations, they must still be able to perform their tasks effectively, taking into account the structure and size of those organizations. This means it should be considered whether one DPO can realistically cover a large or complex collection of organizations. It should be ensured that they have the necessary resources to carry out their role and are supported by a team, if this is appropriate. DPO as a Service (DPOaaS) is a specialized outsourced service offered by Privacy Desk as a part of our data protection services, to help companies reduce costs on data protection resources but still get the best expertise and a cost-effective key to their data protection and privacy compliance.
Reach out to us by filling in the form below to assess your data protection and privacy requirements and their implications, and to discuss your other privacy requirements with us. We will get back to you soon.