Christopher Docksey Ho Hon. . Dire Director r Ge General ral, - - PowerPoint PPT Presentation

▶

Jan 08, 2024 379 likes •544 views

Christopher Docksey Ho Hon. . Dire Director r Ge General ral, , EDP DPS Guernse Gu rnsey Dat Data a Pro rotectio ion n Au Autho horit rity #ICDPPC2019 The ICDPPC and Accountability Madrid Resolution on International Standards

SLIDE 1

Christopher Docksey

Ho Hon. . Dire Director r Ge General ral, , EDP DPS Gu Guernse rnsey Dat Data a Pro rotectio ion n Au Autho horit rity

#ICDPPC2019

SLIDE 2

The ICDPPC and Accountability

#ICDPPC2019 The responsible person shall:

Take all the necessary measures to observe the principles and
bligations set out in this Document …, and
Have the necessary internal mechanisms in place for

demonstrating such observance both to data subjects and to the supervisory authorities

Madrid Resolution on International Standards for the Protection of Privacy

6 November 2009, Article 11

SLIDE 3

#ICDPPC2019

SLIDE 4

Rechenschaftspflicht – rozliczalność - responsabilité

la responsabilidad proactiva y demostrada Actively developing compliance and being able to demonstrate compliance “A rose by any other name would smell as sweet”

The Meaning of Accountability

#ICDPPC2019

SLIDE 5

Accountability across the world

#ICDPPC2019

1980 2000 2005 2013 2014 2015 2016 2017 2018 2019 2009 2010 2011 2012

Guidelines on the Protection of Privacy and Transborder Flows of Personal Data APEC Privacy Framework PIPEDA Schedule 14.1 Principle 1 : Accountability WP29 Opinion 3/2010 on Accountability EU: General Data Protection Regulation Brazil: General Data Protection Law Colombia: Guide for the Implementation

f Accountability

in Organisations Australia: Privacy Management Framework

Philippines Privacy Accountability and Compliance Framework Singapore PDPC

Based on diagram by Maastricht University Hong Kong: Privacy Management Program Best Practice Guide Canada: Getting Accountability Right With a Privacy Management Program The Madrid Resolution Global Accountability Dialogue Mexico: Law 2010, Regulations 2011 OECD Revised Guidelines Convention 108+ Guernsey: Data Protection Law

SLIDE 6

accountability is a global standard
both law and guidance are required
GPEN 2018 Data Sweep
IAPP / EY 2018 Report
the solution, not the problem

Accountability as the solution

#ICDPPC2019

SLIDE 7

Accountability as a toolbox

#ICDPPC2019

Privacy by design and privacy by default
Records of processing activities
Security measures and
data breach notification procedures
DPO – privacy officer
DPIA – privacy impact assessment
Codes of conduct
Certification

SLIDE 8

The “Aha!” Moment

#ICDPPC2019

A philosophy of being a responsible and ethical steward of personal information

SLIDE 9

Accountability in action

#ICDPPC2019

“the first among the principles because it is the means by which organisations are expected to give life to the rest”.

Organisational commitment
Privacy Management Program
DPO – privacy officer
Transparency – to individuals,

regulators and the public

SLIDE 10

Why accountability: advantages for regulators

#ICDPPC2019

Satisfies due diligence, enables prioritisation
Minimises over-reporting
Provides a bridge between jurisdictions
Means leadership, support and guidance, in

addition to enforcement

SLIDE 11

Why accountability: advantages for organisations

#ICDPPC2019

Preparation for the known unknowns
Ready for the regulator
Reputation and competitive advantage
Methodology for dealing with AI

SLIDE 12

“Whatever can go wrong will go wrong”

Fail to plan, plan to fail
Fines support accountability
Enforced accountability
Damage to reputation, damage to business

Accountability when things go wrong

#ICDPPC2019

SLIDE 13

“Privacy has a cost” – US Supreme Court
“Privacy is the constitutional core of human

dignity” – Indian Supreme Court

“Effective and complete protection” - CJEU
by way of “high levels of accountability” in

view of the “central theme” of accountability

Accountability and the courts

#ICDPPC2019

SLIDE 14

Accountability is world-wide
“Crucial, crucial” for data protection
Proactive and demonstrable responsibility

woven into the cultural and business fabric

f organisations
Regulators must explain and enforce
Leads to the flowering of Accountability 2.0

Conclusions

#ICDPPC2019

SLIDE 15

“Not everything that is legally compliant and technically feasible is morally sustainable”

Giovanni Buttarelli

Christopher Docksey

Ho Hon. . Dire Director r Ge General ral, , EDP DPS Gu Guernse rnsey Dat Data a Pro rotectio ion n Au Autho horit rity

#ICDPPC2019

The ICDPPC and Accountability

#ICDPPC2019 The responsible person shall:

demonstrating such observance both to data subjects and to the supervisory authorities

Madrid Resolution on International Standards for the Protection of Privacy

#ICDPPC2019

Rechenschaftspflicht – rozliczalność - responsabilité

la responsabilidad proactiva y demostrada Actively developing compliance and being able to demonstrate compliance “A rose by any other name would smell as sweet”

The Meaning of Accountability

#ICDPPC2019

Accountability across the world

#ICDPPC2019

Accountability as the solution

#ICDPPC2019

Accountability as a toolbox

#ICDPPC2019

The “Aha!” Moment

#ICDPPC2019

Accountability in action

#ICDPPC2019

“the first among the principles because it is the means by which organisations are expected to give life to the rest”.

regulators and the public

Why accountability: advantages for regulators

#ICDPPC2019

addition to enforcement

Why accountability: advantages for organisations

#ICDPPC2019

“Whatever can go wrong will go wrong”

Accountability when things go wrong

#ICDPPC2019

dignity” – Indian Supreme Court

view of the “central theme” of accountability

Accountability and the courts

#ICDPPC2019

woven into the cultural and business fabric

Conclusions

#ICDPPC2019

“Not everything that is legally compliant and technically feasible is morally sustainable”

1957 - 2019

#ICDPPC2019