THE DEVELOPMENT OF DATA PRIVACY PROGRAM FOR DATA PROCESSING AND RISK ASSESSMENT PLANNING AREA FOCUS IN BANDUNG INSTITUTE OF TECHNOLOGY
Privacy protection is a necessity for organizations that process personal data, including the Bandung Institute of Technology (ITB). Currently, the processing of personal data is still carried out without standards at the organizational level and at the Work Unit level. Efforts to protect persona...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Project |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/66649 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | Privacy protection is a necessity for organizations that process personal data, including the
Bandung Institute of Technology (ITB). Currently, the processing of personal data is still
carried out without standards at the organizational level and at the Work Unit level. Efforts to
protect personal data are also still limited to the prohibition of disclosure by PPID ITB. From
these problems, there is a privacy risk that threatens the data subject. To support ITB in
protecting the privacy of data subjects, hence a Data Privacy Program development is proposed.
This solution was developed within the framework of the InfoSys Research Group through
requirements gathering, gap analysis, roadmap development, and implementation. The
collection of requirements includes the drivers, risk mapping, and the development of
governance structures and tasks. Gap analysis includes business process mapping, Data
Protection Impact Assessment, and identification of privacy risks. The program roadmap
contains the development of initiatives based on cost, effort, business alignment, and privacy
risk reduction benefits. The development analysis in this report only covers the focus area of
data processing and risk assessment planning.
The results of the development of the Data Privacy Program contain 36 initiatives to be
implemented over 5 years. The proposed initiative will increase the privacy maturity of the
organization from 1.69 to 3.33. The Data Privacy Program requires a budget of IDR 1.56 billion
and an effort of 19.20 FTE. In addition, there are main document deliverables, namely the Data
Protection Policy, Data Retention Policy, Cookie Policy, and Privacy Notice. To overcome the
differences in needs due to the implementation time interval, there are recommendations for
maintaining supporting documents for the main stakeholders, namely the CIO and BAI ITB.
With the Data Privacy Program, ITB can initiate best practices for managing personal data,
meeting compliance, and protecting the privacy of data subjects. |
|---|