What is Personal Data :

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of Personal Data:

• Cookie
• Name
• Email
• Address
• biometric element (facial recognition, fingerprint) used for identity verification, a person’s location
• Occupation
• Gender
• physical factor
• Medical information
• Bank detail
• IP address
• Culture identity
• Meta Data
• Device IMEI numbers
• Sim Card ID’s
• Phone Number
• Photo
• Social Network Posts

As you have completed the initial setup for Data Management to cover the below:

• Obtain consent from data subjects to process their data
• Provide data subjects with privacy notices that describe how their data is used
• Ability to comply to data subject request to discontinue processing forms of personal data
• Established an easy accessible way for data subjects to communicate with the organization on privacy matters
• Ability to correct inaccuracies or complete partial instances of data subject personal data when requested
• Established a mechanism to locate and erase personal data on request
• Establish a mechanism to provide data subjects a copy of their personal data, including in an electronic form
• Setup Policies and Procedures to restrict processing of data if required.

The next Step here is to:

• Assign a Data Protection officer (DPO)
• Identify risks and develop your organization structure, processes, products & technology to focus on data protection and privacy.
• To create and maintain a risk management program for data privacy.
• Invest in technologies to encrypt the identified personal data.
• Study if your organization is proactively taking measures to avoid breaches, and test the current security measures.

What is Data Governance?

Data governance (DG), the management of data availability, usability, integrity and security within an enterprise. A sound data governance program should cover the enterprise’s ability to set defined procedures and plans to enforce such procedures.

Does your organization have Data Governance for your cloud Backup Solution?

• Data should be protected against accidental or unlawful destruction, loss, alteration and disclosure.
• Must take proactive measures to enhance data security.
• Must design the internal data processing procedure and continue assess the security.

• Is the organization planning how to develop its technology, products, processes and organizational structure with data protection and privacy as key components, and is it aware of the gaps for doing so?
• Is the organization aware of technologies to encrypt personal data and has it encrypted some personal data such as government identification numbers, birthdates, or banking numbers?
• Does the organization have an on going effort to identify needed people, process and technology controls to protect the confidentiality, integrity, and availability (CIA) of personal data?
• Is the organization aware of the potential impacts from breaches of personal data and does it have a response plan in place?
• Does the organization perform testing of its security measures, whether through technical means, social engineering, or tabletop exercises?

• Does the organization maintain records of processing activities with some additional information regarding the purpose or scope of the activities?
• Does the organization have documentation of ongoing personal data transfers into and out of EU?
• Does the organization maintain an inventory of processes that transmit personal data to third-party service provider?
• Can the organization determine risks associated with personal data processing?
• eDiscovery enables the Data controller to run investigations for data breaches more efficiently.