The Age of the Chief Privacy Officer (CPO)

Updated: December 21, 2019

In 2018, when the EU passed the General Data Protection Regulation (GDPR) bill, privacy laws had finally caught up with internet. Some 107 countries across the world have already instituted legislation for data security and privacy. India’s policymakers have kept the pace – with the Personal Data Protection (PDP) Bill, 2019 being debated currently.

An important aspect of these laws is that they govern how organisations handle personally identifiable information (PII) through its lifecycle – from collection, storage, archival, and disposal.

In a digital age moving increasingly towards integration; the offline to online journey is smoothened through data sharing between eco-systems. This is essential towards the success of the digital economy. Most companies trying to navigate this will have to ensure certain best practices for compliance. The first of such practices could be in creating an internal task force within organisations, to focus on information governance and data privacy specifically; possibly presided over by a Chief Privacy Officer. Any data classification as sensitive, personal or public as well as sharing of appropriate amounts of data with partners, vendors and customers can be managed by the CPO. Putting the control back with the user or person who’s data is being collected is a key task that can be overseen at every step, since users knowingly and unknowingly generate a number of data points throughout their day. Organisations can also take charge of the data they manage or rely on from external sources – by starting to collect business critical data themselves and investing in relevant touchpoints to make PII data collection logical and justifiable. Lastly, organisations should implement solutions to ensure ethical data policies are enacted in grey areas since most of the new data privacy laws are yet to be tested in the courts, and thus may be subject to interpretation.

At WestCharge, we care deeply about your privacy and sensitive data – in fact as a GDPR compliant company, all our data is anonymised, encrypted, and stored on secure local servers. We collect only the data we need, with consent, and even give you the right to wipe out your historical data with us right from our app. We feel there’s greater scope for innovation in a more transparent digital economy, and as such - we welcome the new data privacy laws and the rights it affords to user data.

Read more about our work and journey on our website.

Author

Noel Thomas

Startup Ninja, Amateur Futurist, Dog Daddy