pnrerenrer ttre Establishing Date Privacy Governance 3: Records of proces scien 7, Conduct ofa Privacy Impact Assesorer (PA) Tl 5 Formulate your organization's privacy managerere program (PMP) cs prvary anal and corplants mechanism Prnacyin Day-to-Day information Lif Cycle Operations (To BeIncuded inthe Privacy Manual) 7. informing cata subjects of your oersonal oration processing tives ane obtain thelr conser, when necessary. (Prvacy Netice) . Formulation of polices/roredures that allow data subjects T00Dh subsequent processing or changesto the information supple to them re 5: Polces for ining cata procening according is delared,spea legiimte purse 10. Polcies/oroceaures for provid dt information inludng Rs sources, reciplerts, method of cll Rec with Secs to hee personal , purpose of dscosie to third pares, automateapreceses, sancidentty of | crexiow aND| the controler (Oata Subject Access Reauest) ouECTION, TL Poleien procedures that alow dats subjects Gupte Waccurse/orarmr?| STORAGE, ther personal information inducing poles/orocedures to teen the sameupt> | rpansmassiOn| ate USE AND 12. Poles procedures that alow a Gta sab raw 6 OTGer te | DISTRIBUTION, blocking removal or destruction of ther personal information RETENTION, AND 13Polles/precedures for acepting and adcresingconplants from data subjects e = —— DestRUCTION/ Te Pelcienprecedures that alow data subjects get naennifad orany SOEs] opsooar sustained ve to se ate, incompiete, ousted, false ard unlawtully Sbiaines or unshared use of sersral information TS Polelar procedures tat slow dats wobjcte obtain Wom fe personal infermation cotellera copy of his or her persoral cata processed by electronic means andin a structured and commonly used format 16, Poldes/provedures fr creation and collection, ara, WensTiSion Use ara ‘dst-baton, retaining personal data for ony aimee pevod or un the purpose of the processing has been seNeved, ang enering tat eats scurey Socroyed or disposed of V. Managing Personal Data Securty Risks 17 Implemant sppropente ara eticantorgannstional gary measures Paleles ans pracedures i place) 18. mglernentapproprate ard siicent price Secary measures [Physial ACCS a Design anc infrastructure) T5:imglerventapprograte ard SUCantTECNNaTSECUTTY MEASUTES [ATEWAIS, FETE, ADCO Control Poicy, Security of Data Storage, end Othe Information Security Tools) 20. Complance WEN tre OPA Daa sreaen Nanagemer: Requirements (e4.SECUTY POICY, cata breach Response Team, Incident Reegonde Procedure, Document, Sreach Nawiheation) 24, Matatig data privacy equlrenerts (Legal Sess for Dscosure, Oatashating AFEEMENS, Croce order, Security of Transfer] er tird arces lag, clients, vetdors, procesios, oliates) 22, Perlode and mangatery personnel taining en pivary and estsprotecton in general andi areas rafectng pbupececoncant 72 lesance of Security Caarancafor taza Fanaing patcoral Sr 24, Scheduling of Regular PA for new and exiting programs systems, processes and projects 25, Review of lies and Procedvrescon a regula Bais 26. Scheduling of Regular Complonce Monitoring, Internal Aseanrents ard Secu Aus 27. Review, val rand update of Privacy Manual 2 Regular aluation af racy Management Progam [Ealing a cukure of pany by obining earcnons ov Bare iternstional eansares Te eve aS 30. Monitoring of emerging teshnologies, new risks of ta processing ana the Privacy Eeaystem TE Keeping 3k o Geta prvany bent race, Secor SpeCHE HONGO, ane Roreoenna| ae protection tandarse 32. Seeking au requirements Ghd lg oprion or new National Privacy Commision (NPC) Bsuances Or