Privacy and Security by Design (PSbD) Inc. introduces the PRIVAAS Privacy Seal Program.
Earning the PRIVAAS Privacy Seal has intrinsic value for your company. A privacy seal reflects your company values when it comes to personal data protection and substantiates your duty of care and desire to do no harm. The comprehensive PRIVAAS Privacy Seal Program (PSP), supervised by privacy professionals, covers all pertinent aspects of compliance with the Data Privacy Act of 2012. The Program includes the Five Pillars of Compliance and uses the 32 pt. Accountability and Compliance Framework.
Outsource DPO Function Service
Outsourcing DPO functions is a valid and legal option that very few Philippine companies are aware of. Data protection services provided by third parties are widely practiced in the UK and Europe, and are allowed in the Philippines.
Based on NPC Advisory No. 2017-01, titled "Designation of Data Protection Officer," it is mandatory for all personal information controllers to designate an individual or individuals who shall function as the data protection officer or DPO. Related to this, the PIC or PIP may outsource or subcontract the function of its DPO or COP (compliance officer for privacy) provided that, "where the employment of the DPO or COP is based on a contract, the terms or duration thereof should at least be two (2) years to ensure stability."
PSBD's formidable team is composed of internationally certified privacy professionals and practitioners who previously held vital positions under the NPC. Our services include a privacy management tool we developed called PRIVAAS. PRIVAAS automates the most relevant aspects of DPA compliance and is the only tech tool you need to comply with your privacy obligations.
In general, PSBD offers to assume vital data protection functions and stabilize Cooperative Development Authority’s (CDA) data protection program for the next two (2) years. In line with this, we shall:
- Monitor the company's compliance with the DPA of 2012, its IRR, and issuances by the NPC.
- Ensure the conduct of a Privacy Impact Assessment (PIA).
- Advise the company on complaints and on the exercise by data subjects of their rights (e.g., requests for information, clarification, rectification, or deletion of personal data).
- Ensure proper data breach and security incident management, including the company's submission to the NPC of reports and other documentation concerning security incidents or data breaches within the contract period.
- Inform and cultivate privacy and data protection awareness within CDA.
- Lead in developing, reviewing, and/or revising policies and guidelines relating to privacy and data protection by adopting a privacy-by-design approach.
- Support the officially designated DPO in dealing with the National Privacy Commission.
The rules on personal data have changed and continue to evolve. However, the central message of the Data Privacy Act remains: the personal liability of heads and responsible officers of companies for preventable breaches and violations of the DPA deemed committed by the organization.
Outsourcing the DPO functions to a trusted digital agent like PSBD, Inc. gives you the peace of mind that you are compliant with the regulator and accountable to your partners, clients, and citizens.
The solution is right in front of you. To address any concern you may have, or to request a meeting, proposal, or demo, you and your organization can inquire through info@psbd.tech or click the inquiry form below.
Outsource the functions of your data protection officer now.
Customization of the PRIVAAS Data Privacy Management System (DPMS) Software
Customize a Data Privacy Management System (DPMS) software for centralized management of the PIA, PMP, and DBMIR in accordance with the needs of the company/agency.
Privacy and Security by Design managed services include:
Data Privacy Consultancy, Advisory, Training, and Breach Management and Response
Provide Data Privacy Consultancy, Advisory, Training, and Breach Management and Response, with day-to-day privacy program management assistance. Provide advice, recommendations, and consultations on matters related to data privacy throughout the effectivity of the Project, within the period required under the Service Level Agreement.
a. Capacity Building. Train key organization officers and personnel on data privacy, accountability, and compliance.
b. Breach Management and Response. In case of a breach during the effectivity of the contract, assist the organization with the proper incident response procedure and with compliance with the mandatory notification requirements.
c. Contractual Review. Provide guidelines on the proper preparation of Data Sharing Agreements (DSA) and Outsourcing Agreements, and review DSAs and Outsourcing Agreements.
d. Regulatory Process Assistance. Assist in ensuring regulatory compliance for deliverables/submissions to the National Privacy Commission (registration, annual security incident reports, breach notifications, etc.) and the Department of Information and Communications Technology.
e. Policy Review. Review existing policies and provide recommendations.
f. Sustained Privacy Risk Analysis for Agile Response. Privacy risk analysis shall be an ongoing process that continually assesses privacy issues (controls, risks, etc.) to achieve the intended effect of mitigating privacy risks and setting the environment for an agile response.
Data Breach Management and Incident Response (DBMIR)
Creation of a Data Breach Management and Incident Response (DBMIR) Program with training and transfer of knowledge on the management of personal data breaches and incidents.
a. Formulation of a Security Incident Management Policy that provides procedures and guidelines to manage security incidents and personal data breaches.
b. Formulation of an Incident Response Plan to manage security incidents and data breaches.
c. Creation of a Data Breach Response Team (DBRT) with defined roles and responsibilities.
d. Establishment of a mechanism for post-breach review.
Conduct of Privacy Impact Assessments (PIA)
Conduct a Privacy Impact Assessment (PIA) with training and transfer of knowledge, which includes:
a. Preparation of Records of Processing Activities, Data Inventory, and Data Flow Diagram.
b. Risk Identification, Risk Assessment, and Formulation of a Risk Treatment Plan in which controls are determined to manage identified risks.
c. Determining existing controls and the level of compliance with the Data Privacy Act of 2012 (DPA), i.e., whether the organization:
- adheres to the principles of Transparency, Legitimate Purpose, and Proportionality;
- has reasonable and appropriate security measures to protect the personal data it processes; and
- has mechanisms in place to uphold data subject rights.
d. Preparation of a Privacy Impact Assessment Report, which documents the complete assessment.
e. Preparation of a Privacy Impact Assessment (PIA) Summary Report, ready for publication.
Formulation and Implementation of a Privacy Management Program (PMP)
Formulation and Implementation of a Privacy Management Program (PMP) with training and knowledge transfer, documented through a Privacy Manual and a Privacy Program Road Map.
a. Building a resilient privacy infrastructure, supported by an adequate review and monitoring process, to facilitate compliance with the Data Privacy Act of 2012, its IRR, and other NPC issuances through the implementation of a strategic data privacy compliance framework.
b. Minimizing the risks of privacy breaches, including third-party risks, maximizing the ability to address underlying problems, and reducing the damage arising from breaches.
c. Building trust with employees and citizens through open and transparent policies and practices and by adequately handling data subject requests.
Vulnerability Assessment and Penetration Testing (VAPT)
Vulnerability Assessment and Penetration Testing (VAPT) are two different types of security testing performed to identify and quantify the security vulnerabilities in network servers and software applications.
DPA Compliance Review
Conduct a DPA Compliance Review, an enterprise-level review of the organization’s current data privacy practices against the standards set by the DPA, its IRR, and NPC circulars and advisories.
Expert Representation
Provide expert advice and assistance during investigations, legislative queries, and other regulatory proceedings.
Privacy Resilience Test
• Breach drill
• Internal compliance check
Other areas of consultancy / services:
• Data Intermediation
• Third Party Management
• Prosecution of Privacy Violations
• Transfer Impact Assessments