Data privacy compliance management system for the Data Privacy Office, De La Salle University, Manila
As the implementation of The Data Privacy Act of 2012 took place from 2016 until today, every institution in the Philippines has been required to conduct a compliance analysis of the Data Privacy, and the campus is no exception. De La Salle University's Data Privacy Office has been initiated in...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Animo Repository
2021
|
| Subjects: | |
| Online Access: | https://animorepository.dlsu.edu.ph/etdb_infotech/2 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | De La Salle University |
| Language: | English |
| Summary: | As the implementation of The Data Privacy Act of 2012 took place from 2016 until today, every institution in the Philippines has been required to conduct a compliance analysis of the Data Privacy, and the campus is no exception. De La Salle University's Data Privacy Office has been initiated in 2018 with an objective to conduct collection of Personal Data and Impact Assessment that has been submitted by the Internal Offices of the campus. Regarding this, the process of having to review all the submitted processes, their corresponding metadata, and the risk assessment, which are all recorded into separated spreadsheets per office, has been a challenge that has been faced by the office. In addition, the collection of consent has been an issue raised, since it has been collected, but not able to manage properly, due to lack of proper storage and monitoring. The issues raised above affected the office’s ability in generating reports, which might help them in prioritizing the offices and data processes with higher level of risk of handling personal data.
This paper introduces the development of the Data Privacy and Compliance Management System (DPC.ms) for the Data Privacy Office of De La Salle University. A management system that aims to solve the office's issue in generating essential reports, and storing collected consent that's needed for the internal data processes within the university; which are both required for the compliance of Data Privacy. This system consists of the following features that assist in the ease-of-business between the University Office Representatives and the Data Privacy Officer; namely – Batch Uploading of Internal Processes, CRUD functionality for the Metadata (e.g. Data Elements, Data Subject, Legal Basis, etc.), Risk Assessment Auto-calculation, Impact and Likelihood Questionnaire, and Consent Inventory Collection. |
|---|