{"id":183,"date":"2018-09-17T12:23:00","date_gmt":"2018-09-17T06:53:00","guid":{"rendered":"http:\/\/www.sws-international.com\/?p=183"},"modified":"2018-09-17T12:23:00","modified_gmt":"2018-09-17T06:53:00","slug":"evolution-of-data-governance-ecosystem","status":"publish","type":"post","link":"https:\/\/swstech.sws-international.com\/?p=183","title":{"rendered":"Evolution of Data Governance Ecosystem"},"content":{"rendered":"
\n

The emergence of Data Protection regulations is going to bring forward a new data governance ecosystem to regulate the business market place.<\/p>\n<\/div>\n

\n

While earlier, Cyber Security related work was predominantly seen only in IT world, and rest of organizations used to mostly work to get their ISO and Cyber Security regulations, a new paradigm is expected to evolve to regulate data importance across industry (both Tech and Non-Tech)<\/p>\n<\/div>\n

<\/div>\n
\n

The business place will evolve to have following entities apart from the users whose personal data is being processed by Controllers and processors.<\/p>\n<\/div>\n

    \n
  1. Data Controllers (and its representation by DPO)<\/li>\n
  2. Data Processors (and its representation by\u00a0DPO)<\/li>\n
  3. Certification Authorities<\/li>\n
  4. Independent Regulator (example in case of GDPR, Supervisory Authority headed by a Lead Supervisory Authority)<\/li>\n
  5. Government Body (Department dealing with Data Protection Laws)<\/li>\n
  6. Court<\/li>\n
  7. Data Protection Board (constituted in Europe to ensure consistent application of Regulation across members states)<\/li>\n
  8. [Standard Development Organizations]<\/li>\n
  9. Consulting Organizations<\/li>\n<\/ol>\n
    \n

    Data Controllers and Data Processors<\/span>\u00a0(#1 \/ #2), organizations capturing & processing personal data of users, shall appoint a\u00a0DPO\u00a0<\/span>(Data Protection Officer) who is going to be SPOC for end users (it is going to be mandatory for specific cases where significant personal data is going to be processed, or data being processed is of sensitive nature)<\/p>\n<\/div>\n

    <\/div>\n
    \n

    Certification Authorities<\/span>\u00a0(#3) are going to help evaluate technology and organizational implementations sufficiency to validate required level of adherence to Regulation.<\/p>\n<\/div>\n

    <\/div>\n
    \n

    Independent Regulator\u00a0<\/span>(#4) is going to ensure monitoring the application of Regulation, and act as bridge between Users and Organizations (both Private and Govt, including controller and processor).\u00a0 In case of European Union, there is going to be one or more supervisory authorities per Member State (in case of multiple authorities, Govt to decided which Supervisory Authority shall be representing authority in Board (#7)). The regulator will be lead by a Lead Supervisory Authority.<\/p>\n<\/div>\n

    <\/div>\n
    \n

    In case of contention, users will have right to Judicial proceeding against Regulator (supervisory authority), controller or processor (#4\/#2\/#3)in an appropriate\u00a0court of law\u00a0<\/span>(#6).<\/p>\n<\/div>\n

    <\/div>\n
    \n

    A\u00a0Data Protection Board<\/span>\u00a0(#7) has been constituted in case of European Union to ensure consistent application of Regulation across its member states. The Member State Government has right to participate in activities of Board (without voting right)<\/p>\n<\/div>\n

    <\/div>\n
    \n

    Apart from this, several organizations (self driven, industry specific) are evolving that provide for standard and code of conduct for several domain \/ sector specific requirements.<\/p>\n<\/div>\n

    <\/div>\n
    \n

    The market place has already several\u00a0Consulting\u00a0<\/span>and Solution providing organizations (#9) that are already providing several services to Data Controllers \/ Processors, including but not limited to following:<\/p>\n<\/div>\n