Data governance is a complex endeavor that impacts a wide range of stakeholders, including employees, customers and partners. As such, it’s important to ensure that you have the right people in place to support, sponsor and steward your data governance program. To achieve this, it’s essential to develop a vision and an actionable business case. The vision sets out the broad strategic objective for building a governance program, while the business case outlines the specific business opportunity to be achieved through the use of data governance.
As a global leader in the IT ecosystem, Tech Data Distribution (Hong Kong) Limited (“Tech Data HK”) helps its customers leverage technology to solve business problems and unlock growth opportunities. As a trusted business partner, Tech Data HK unites compelling IT products, services and solutions from 1,500+ best-in-class technology vendors. The company’s 23,500 co-workers worldwide are dedicated to uniting innovation with customer business outcomes.
The collection of personal data continues to encroach on people’s privacy, which in turn raises consumer protection concerns across multiple jurisdictions. Digital content providers expanding into attractive markets need to tread carefully to avoid privacy minefields and address consumer protection issues in each market.
Whether a particular piece of data qualifies as personal data or not, the data user must fulfil certain obligations when collecting it. These include, among others, DPP1 (Purpose and collection of personal data) and DPP3 (Use of personal data).
To comply with these obligations, the data user must inform the data subject of the purpose of the collection and how the information will be used. It must also tell the data subject what rights they have to access, rectify and erase their personal data. It must also ensure that the data is not collected for any purposes other than those stated.
In the case of the collection of personal data for marketing or statistical purposes, the individual must be informed of the nature and purpose of the data collection, how long the data will be kept, and what it will be used for. The individual should also be provided with the opportunity to opt out of receiving any further marketing communications.
The data user must also protect the personal data against unauthorized access, processing, erasure, loss or use by using technological and organizational measures. These must include a data protection policy, security controls, data auditing and a process for responding to data breaches. In addition, the data user must take reasonable steps to make sure that its agents and contractors also comply with these requirements.