Big Data Analytics in Accounting and Finance Assignment 3
Assignment 3
2301949040
Javier Noel Claudio
LB53 – LEC
Dewan Pelawi, S.Kom.,MMSI.
D2318
1. What measures are you taking to protect personally identifiable information (PII) within your
systems, including protection against linkage attacks?
Make sure you are compliant with regional laws in this area and are not putting your reputation at risk
from privacy infringement, even if legal.
Personally Identifiable Information is any type of information from which a specific individual
may be identified. That includes things like names, social security numbers, passport numbers,
or physical addresses. It also includes less obvious things like emails and phone numbers. To
protect PII:
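The linkage attack named in the question works by joining a "de-identified" data set to a public one on quasi-identifiers (ZIP code, birth year, sex) that were left in place. The following added example, which is not part of the original assignment or its references, measures that risk the way a defender would: it computes the k-anonymity of a release, lists the rows that would be uniquely linkable, and shows how generalizing the quasi-identifiers raises k. All records, names, and column names are constructed for the illustration.

```python
from collections import Counter

# Constructed sample release: direct identifiers (names) have been removed,
# but ZIP code, birth year and sex remain as quasi-identifiers.
RELEASE = [
    {"zip": "10115", "birth_year": 1984, "sex": "F", "salary": 61000},
    {"zip": "10115", "birth_year": 1984, "sex": "F", "salary": 58000},
    {"zip": "10117", "birth_year": 1979, "sex": "M", "salary": 72000},
    {"zip": "10117", "birth_year": 1979, "sex": "M", "salary": 69000},
    {"zip": "10119", "birth_year": 1990, "sex": "M", "salary": 45000},
    {"zip": "10115", "birth_year": 1988, "sex": "F", "salary": 50000},
    {"zip": "10119", "birth_year": 1992, "sex": "M", "salary": 47000},
]

# Constructed "public" list (think of a published directory) that still
# carries names alongside the same quasi-identifiers.
PUBLIC = [
    {"name": "A. Example", "zip": "10119", "birth_year": 1990, "sex": "M"},
    {"name": "B. Example", "zip": "10115", "birth_year": 1984, "sex": "F"},
]

QUASI_IDS = ("zip", "birth_year", "sex")


def qid_key(record, quasi_ids=QUASI_IDS):
    """The tuple of quasi-identifier values that a join would match on."""
    return tuple(record[q] for q in quasi_ids)


def equivalence_classes(records, quasi_ids=QUASI_IDS):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(qid_key(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids=QUASI_IDS):
    """k = size of the smallest equivalence class; k == 1 means some row is unique."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def linkable_rows(records, quasi_ids=QUASI_IDS, k=2):
    """Indices of rows whose quasi-identifier combination appears fewer than k times."""
    classes = equivalence_classes(records, quasi_ids)
    return [i for i, r in enumerate(records) if classes[qid_key(r, quasi_ids)] < k]


def reidentify(release, public, quasi_ids=QUASI_IDS, generalizer=None):
    """Map each public name to the single release row it links to, if exactly one."""
    gen = generalizer or (lambda r: r)
    index = {}
    for i, r in enumerate(release):
        index.setdefault(qid_key(gen(r), quasi_ids), []).append(i)
    hits = {}
    for person in public:
        matches = index.get(qid_key(gen(person), quasi_ids), [])
        if len(matches) == 1:
            hits[person["name"]] = matches[0]
    return hits


def generalize(record):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    g = dict(record)
    g["zip"] = record["zip"][:3] + "**"
    g["birth_year"] = (record["birth_year"] // 10) * 10
    return g


if __name__ == "__main__":
    print("k before:", k_anonymity(RELEASE), "linkable rows:", linkable_rows(RELEASE))
    print("re-identified:", reidentify(RELEASE, PUBLIC))
    generalized = [generalize(r) for r in RELEASE]
    print("k after:", k_anonymity(generalized), "linkable rows:", linkable_rows(generalized))
    print("re-identified after:", reidentify(RELEASE, PUBLIC, generalizer=generalize))
```

Before generalization the release has k = 1 and three uniquely linkable rows, so a public directory entry can be matched to a single salary. After coarsening ZIP and birth year every class has at least two members, and the same join no longer singles anyone out. In practice the threshold k and the generalization hierarchy are chosen per data set, and k-anonymity should be combined with checks on the sensitive column itself (e.g. that a class does not share one salary value).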
2. If you have customers in Europe, what additional steps will you need to take to become
compliant with GDPR?
Remember that GDPR fines reach 4 per cent of global revenue.
11 things you must do now for GDPR compliance
1) Raise awareness across your business
The ICO urges businesses to start planning for GDPR as soon as possible, so you have time to
address budgetary, IT, personnel, governance and communications implications.
Key people and decision-makers need to be aware of the new legislation, so they can
understand the potential impact and identify areas that require attention for compliance.
Start by looking at your risk register, if you have one.
The main rights for individuals under the GDPR are to:
allow subject access
have inaccuracies corrected
have information erased
prevent direct marketing
prevent automated decision-making and profiling
allow data portability (as per the paragraph above)
6) Identify and document your legal basis for processing personal data
Under the GDPR, some individuals’ rights will be modified, depending on your legal basis for
processing their personal data. For example, they could have their data deleted where you
use consent as your legal basis for processing. So you need to understand the various types
of data processing you carry out, identify your legal basis for carrying it out and document it.
10) Review your processes around Data Privacy Impact Assessments (DPIAs)
You may be required to carry out a privacy impact assessment (PIA) in a high-risk situation
such as a new technology deployment, or where operations are likely to significantly affect
individuals.
To prepare for such an eventuality, the ICO recommends you familiarize yourself with their
PIA Code of Practice so you can work out how best to implement DPIAs in your organization.
Think about where it might be necessary to conduct a DPIA in your organization. Who will do
it? Who else needs to be involved? Should the process be run centrally or locally?
3. If your organization does not have a privacy officer, whom can you consult for questions
related to privacy and data protection laws?
There are global firms that can provide advice spanning multiple jurisdictions.
If my organization does not have a Privacy Officer, then I can direct questions related to privacy
and data protection laws to the Data Protection Officer.
A data protection officer is responsible for managing and organizing the implementation of a
data protection strategy within a business. Their role is essential, as they ensure that an
organization complies with all GDPR requirements. As they create, update, and maintain a data
protection strategy, they protect both their company and its customers from privacy breaches,
fraud, and security threats.
Data protection officers report directly to senior management and should be granted full
independence to perform their tasks. They should be involved in all issues that relate to the
protection of personal data. It’s the responsibility of senior management to ensure that their
DPO is sufficiently resourced to perform all of their tasks in line with GDPR compliance.
Additionally, they should never be penalized for performing their duties.
4. When was the last time you reviewed an important internal report and realized the
terminology used was unclear or the data was inaccurate?
What steps did you take to address the problem?
Perhaps you want to initiate an internal reporting governance programme.
The following four key steps can point your company in the right direction.
Admit you have a data quality problem.
Just like any twelve-step program, admitting the problem is key. From there, follow the next
three steps for data improvement.
Focus on the data you expose to customers, regulators, and others outside your
organization.
Take a careful look at your system of controls. Is it up to snuff? Make sure not only that
the right controls are in place, but that you're actually using them. Every time.
Define and implement an advanced data quality program.
Making sure data leaves the door correctly may be a viable short-term alternative, but there
is already too much data, and the quantities are growing. Just as manufacturers found that
they had to “prevent errors at their sources,” so too with data. You need a quality program
that does so.
Take a hard look at the way you treat data more generally.
Almost everyone readily acknowledges that “data are among our most important assets.”
But they don’t manage them that way. Indeed, data are almost invisible. And the top person
responsible for data may be an architect buried deep in the bowels of IT. If this description
rings true, you need to get an aggressive data program, with real talent, budget, and teeth in
place.
References:
PPT BINUSMAYA
https://www.securicy.com/blog/seven-steps-to-protect-your-personally-identifiable-information/
https://www.clouddirect.net/11-things-you-must-do-now-for-gdpr-compliance/
https://cpdonline.co.uk/knowledge-base/business/what-is-a-dpo/
https://hbr.org/2011/08/four-steps-to-fixing-your-bad-data