b setting up a privacy program

0 comments 6.275 views

Setting up a privacy function and program is a regulatory requirement in many countries.
Clients can outsource the setting up of the privacy program to CyTRAP Labs, ensuring that all the necessary policies, functions and processes are set up in an appropriate, effective and cost efficient manner.
When acting in this capacity, CyTRAP Labs confirms any course that it will design and implement regarding technology, security procedures, reengineering of processes and services, establishing baseline measures and metrics with a client beforehand.

Setting up the privacy function

Based on the Bundesgesetz – Datenschutz (DSG) (SR 235.1) (including the addendum)and other pertinent EU/BRD regulation, setting up the privacy function in an enterprise requires the completion of a set of tasks that facilitate:

– running of the function in an effective way and, as importantly,
– being legally compliant

Below we describe a few issues pertaining to this work in some more detail.

What is needed to operate a well-structured privacy office?

Demonstrating accountability, managing customer interactions, and managing internal privacy initiatives require a structured Privacy Office. Standard forms, documents and procedures are needed to accomplish:

– compliance audits
– customer access requests
– compliance management and reporting
– ongoing education programs
– consent change management
– monitoring of third parties
– privacy consultations and
– conflict resolutions

Privacy – setting up policies and their implementation

Corporate privacy policies are created either as a guideline for the business units or for customer consumption, or both. It is general and legal in nature, with a subset of the policy becoming the privacy statement on your website.

Business units may create specific policies, based on the guidelines, to reflect the unique nature of their business.

Globalization is making regulatory compliance ever more complex. For instance, a Swiss Holding company might have to comply with the Realignment of the Swiss OR – Art 727 OR: (Art 728a Para 1 Nr. 3 OR) and privacy regulation and, due to its international activities, also with the European Union regulations, and so on.

An enterprise’s overall privacy policy may have to serve as a template for subsidiaries while national regulations may require slight adjustments. However, the better the corporate template the less likely a local subsidiary will have to adjust the policy. Put differently, privacy policy that integrates German, Canadian, U.S. and European Union regulation is unlikely to require much local modifaction. Hence, the policy will work in more than one jurisdiction.

Running the privacy function

Important is to understand that these tasks and jobs must be done regardless whether the position is being kept in-house or is being outsourced.

For more information, contact us directly