top of page
Writer's pictureMarco Lam

客戶個人資料可能成為公司的計時炸彈

香港公司一般好少花好多資源在內政,在2010年起大多企業已半數據化,加上武漢肺炎的影響下,企業營運已經到左不能不全面數據化的地步,了解過由起初Google Drive, DropBox到而家好多都有online book / ordering system。客戶資料、購買記錄、不同的資料處理,就為公司慢慢帶來左一個又一個計時炸彈。

點解會用計時炸彈去形容?因為Google drive 同NAS 的成本極低,唔少公司根據無訂立資料儲存的期限,遇上近排的在家工作,因為工作環境不同,數據外泄機會增加,形成網絡保安(Cybersecurity)的風險,一但發生,所影響的客戶及損失難以估計。

要解決問題,顧用外部顧問並不一定足夠,最重要的,是要管理層決心"汁正"公司的網絡保安及個人資料使用政策。以下是其中一個GDPR要求職位。

聯絡我們了解應該從何開始進行"汁正"

Art. 39 GDPR

Tasks of the data protection officer

  1. The data protection officer shall have at least the following tasks:

  2. to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

  3. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

  4. to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;

  5. to cooperate with the supervisory authority;

  6. to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.

  7. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

4 views0 comments

Comments


bottom of page