Madan Mohan
In the past decade, many organisations have realised the power of data, and the positive change it can bring to the organisations. It has now become the most valuable asset for many organisations across the world. According to one of the articles published by Forbes, 2.5 quintillion bytes of data were created every day, which is ever-growing. World economic forum estimates that 463 exabytes of data will be created each day globally by 2025 – that’s the equivalent of 212,765,957 DVDs per day!
As the world continues to create an enormous amount of data every day, which can either be business-related data or any structured/unstructured data (including Personally identifiable information (PII), or Protected health information (PHI)). Irrespective of the data types, it is essential for an organisation to acquire, manage, and safeguard the data appropriately, commensurate to the criticality of these data types.
The data acquired is also subjected to comply with international and local data privacy regulations, such as General Data Protection Regulation (GDPR), UAE - DIFC-Data Protection Law 2020 (DPL), Federal Law No. 2 of 2019 - ICT Health Law, Abu Dhabi - Healthcare Information And Cyber Security Standard (ADHICS), among other privacy requirements. These mandate the companies to invest in data protection strategies by defining their policies and determining the necessary controls to protect various types of data. Complying with the international and local regulatory standards and guidelines not only helps the companies in preventing themselves from regulatory fines but also helps them in maintaining the organisation’s reputation in the industry.
Our approach to data privacy audit starts with by understanding our client’s business, the requirement and purpose of collecting information, and how the data is being managed and secured throughout its lifecycle in the organisation. Some of the areas which would be audited are mentioned below: