06th May, 2022
Is data mapping essential for the foundation of data privacy in an organization?
Data mapping is a process built around three primary questions:
- Why do you process data?
- What data do you process?
- Where do you process data?
This not only helps the organization manage its users’ data but is also useful during audits by authorities, because through data mapping an organization can understand more about the data it collects and its timeline.
Data mapping also helps an organization track the data flow, which in turn helps it respond quickly to data subject access requests (DSARs).
Hence, the benefits of data mapping are many, such as:
- It helps the organization locate its users’ data in a granular form;
- It helps the organization understand which categories of data are being processed, which organizational units process such data and who has access to such data;
- Moreover, it helps the organization understand whether it is processing such data on a legal basis, and whether such processing falls within the requirements of the relevant data protection regulation;
- It makes the organization audit-ready;
- Lastly, data mapping is considered to be the foundation of every data privacy journey in an organization.
Major Privacy Updates of the Week
India to introduce six-hour data breach notification rule
Organizations in India face a six-hour data breach reporting deadline, following the introduction of new rules by the country’s computer emergency response team, CERT-In. The new rules will apply to critical parts of India’s network and IT infrastructure, including service providers, data centers, government organizations, and corporations. The reporting window is much shorter than those in other large economies: in the EU, the GDPR mandates that breaches are reported within 72 hours. Incidents can be reported by phone, fax or email. Organizations covered by the rule must keep logs for 180 days after an incident.
EC draft Regulation to create European Health Data Space
The European Commission has proposed creating a European Health Data Space (EHDS) that will make it easier for developers and manufacturers of medicinal products to access data for research. Currently, most health-related data held in the European Union is inaccessible to researchers and other stakeholders that could use it to inform the development of medicinal products. According to officials at the Commission, businesses “face important obstacles in accessing the data they need to develop new products,” notably because in many cases “consent is the only way to access data” for purposes other than its original use.
EU Hands Police Agency New Powers Over Personal Data
The European Parliament on Wednesday voted to hand the EU’s police agency new powers to gather and use data, provoking an angry response from privacy activists. The chamber overwhelmingly approved a proposal that allows Europol to work more closely with non-EU governments and share personal information with private companies. The European Union said the new regime was needed to help coordinate the fight against terrorism, child sex abuse and other serious crimes. But activists warned that oversight was too weak and the reforms would turn the police agency into a “data black hole”.
India’s move to force VPN companies to hand over user data sparks a stand-off with the government
The stage is set for a stand-off between virtual private network (VPN) companies and the Centre, over a new rule that requires the firms to collect and store user data for a period of at least five years. Some of the biggest VPN companies such as NordVPN or ExpressVPN state they collect only minimal information about their users and also allow for ways for their users to remain largely anonymous by accepting payment through Bitcoin. Their internal rules are now set to bring them into confrontation with the IT ministry, which last week quietly issued a new directive requiring an array of technology companies to start logging user data.
The official directions that sparked controversy come from CERT-In – the government body in charge of analysing and tracking national cybersecurity incidents. In a press release, it noted that all “Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers” would be required to maintain a range of user data for a period of five years or longer even after cancellation or withdrawal of the service.
South Korea Admitted to NATO Cyber Defense Center
South Korea has joined NATO’s cyber defense group, the country’s spy agency said, making it the first Asian nation to join the agency amid raging online security threats from Russia, China, and North Korea. The National Intelligence Service (NIS) said it was formally admitted to the Cooperative Cyber Defense Center of Excellence (CCDCOE), which helps member nations and NATO members with cyber defense expertise. The spy agency will represent South Korea in the training and research activities of the organization based in Tallinn, the Estonian capital. “We plan to strengthen our cyber response capabilities to a world-class level by increasing the number of our staff sent to the center and expanding the scope of joint training,” the NIS said.