Governance and Compliance

Once the formal legal knowledge base has been established (as offered in cluster A), governance & compliance can be given shape.

The primary goal here is to prevent a sanction of material importance. Secondarily, other considerations can also play a role, such as limiting directors’ liability, increasing data quality and / or getting to know clients, students, citizens and / or employees better. As a result of the formal legal rules regarding the processing of (personal) data, tasks, powers and responsibilities “shift” into existing administrative frameworks.

Organizations of any size and / or which are responsible for processing special personal data on any scale will (have to) appoint a data protection officer (DPO). Within the administrative framework, the DPO is positioned at an appropriate distance close to the supervisory board / supervision. In addition, the DPO performs or supervises operational tasks.

The formal legal status of the DPO is of a different order from that of an information security officer (ISO), an administrative organization adviser (AO / IT) and a company lawyer (JUR). From a good governance point of view, it is important that the duties, powers and responsibilities of the DPO are clear and transparent. After attending cluster B, the student must be able to shape governance & compliance for his own organization from a data processing perspective and, within that context, to name the duties, powers and responsibilities of the DPO.

An important indicator of the extent to which an organization has governance & compliance in order is the extent to which a controller succeeds in preventing, detecting and reporting data leaks to the supervisory authority. Organizing the prevention and mitigation of unexpected data breaches, assigning tasks, powers and responsibilities to key officials and taking decisive action when the regulator imposes sanctions are an important part of the module.
