Establishing Data Privacy Governance
3. Records of processing activities
4. Conduct of a Privacy Impact Assessment (PIA)
5. Formulate your organization's privacy management program (PMP)
6. Privacy manual and complaints mechanism
Privacy in Day-to-Day Information Life Cycle Operations (To Be Included in the Privacy Manual)
CREATION AND COLLECTION, STORAGE, TRANSMISSION, USE AND DISTRIBUTION, RETENTION, AND DESTRUCTION/DISPOSAL
7. Informing data subjects of your personal information processing activities and obtain their consent, when necessary. (Privacy Notice)
8. Formulation of policies/procedures that allow data subjects to object to subsequent processing or changes to the information supplied to them
9. Policies for limiting data processing according to its declared, specified and legitimate purpose
10. Policies/procedures for providing data subjects with access to their personal information including its sources, recipients, method of collection, purpose of disclosure to third parties, automated processes, and identity of the controller (Data Subject Access Request)
11. Policies/procedures that allow data subjects to dispute inaccuracy or error of their personal information including policies/procedures to keep the same up to date
12. Policies/procedures that allow a data subject to withdraw or order the blocking, removal or destruction of their personal information
13. Policies/procedures for accepting and addressing complaints from data subjects
14. Policies/procedures that allow data subjects to get indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false and unlawfully obtained or unauthorized use of personal information
15. Policies/procedures that allow data subjects to obtain from the personal information controller a copy of his or her personal data processed by electronic means and in a structured and commonly used format
16. Policies/procedures for creation and collection, storage, transmission, use and distribution, retaining personal data for only a limited period or until the purpose of the processing has been achieved, and ensuring that data is securely destroyed or disposed of
V. Managing Personal Data Security Risks
17. Implement appropriate and sufficient organizational security measures (Policies and procedures in place)
18. Implement appropriate and sufficient physical security measures (Physical Access and Design and Infrastructure)
19. Implement appropriate and sufficient technical security measures (Firewalls, Encryption, Access Control Policy, Security of Data Storage, and Other Information Security Tools)
20. Compliance with the DPA Data Breach Management Requirements (e.g. Security Policy, Data Breach Response Team, Incident Response Procedure, Document, Breach Notification)
21. Maintaining data privacy requirements (Legal Basis for Disclosure, Data Sharing Agreements, Cross Border, Security of Transfer) for third parties (e.g. clients, vendors, processors, affiliates)
22. Periodic and mandatory personnel training on privacy and data protection in general and in areas reflecting job-specific content
23. Issuance of Security Clearance for those handling personal data
24. Scheduling of Regular PIA for new and existing programs, systems, processes and projects
25. Review of Policies and Procedures on a regular basis
26. Scheduling of Regular Compliance Monitoring, Internal Assessments and Security Audits
27. Review, validation and update of Privacy Manual
28. Regular evaluation of Privacy Management Program
29. Establishing a culture of privacy by obtaining certifications or accreditations vis-a-vis existing international standards
30. Monitoring of emerging technologies, new risks of data processing and the Privacy Ecosystem
31. Keeping track of data privacy best practices, sector specific standards, and international data protection standards
32. Seeking guidance and legal opinion on new National Privacy Commission (NPC) issuances or requirements