F.A.Q - Frequently Asked Questions!

The data protection field has some commonly referenced terms and questions that we have clarified below.

If you have any other questions, feel free to reach out to us! We love questions!

BreachAware® is a software service powered by Logic Document that provides organizations across the world with advanced analysis of compromised assets within data breaches to support the prevention of crime, as part of a system of risk management. See this video of it in action with this link!

Media Room

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. Stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security. View this video for a news demonstration!


#iUnderstand is a global campaign designed to educate all data subjects that their data is a commodity that can be used not only to enhance their own lives but also the lives of others, and that in turn can help improve humanity through education and by using the commodity to improve education, healthcare and sanitation. We also have a mission to help the vulnerable in society understand how their personal data is being used; this will help improve the lives of over 2 million young and vulnerable adults per year.

Awareness training is an introduction to the world of data protection. It is often delivered from a consumer's perspective, as all business owners are also consumers in their own lives.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data.

Privacy policies are required by law internationally because in collecting personal information from your visitors, users, customers, and clients, you assume responsibility for protecting their privacy.

A DPIA (data protection impact assessment) is a process designed to help you systematically analyze, identify and minimize the data protection risks of a project or plan. It is a key part of your accountability obligations under data protection law, and when done properly helps you assess and demonstrate how you comply with all of your data protection obligations.

The DPIA (data protection impact assessment) should be conducted before the processing and should be considered as a living tool, not merely as a one-off exercise. Where there are residual risks that can’t be mitigated by the measures put in place, the DPO (data protection officer) must be consulted prior to the start of the processing.

DPIA required:

A bank screening its customers against a credit reference database; a hospital about to implement a new health information database with patients’ health data; a bus operator about to implement on-board cameras to monitor drivers’ and passengers’ behaviour.

A risk overview is the statement provided by the evidence presented in a DPIA. It can be used to demonstrate your current data protection ability and compliance; as with a DPIA, it will be monitored and updated regularly.

A subject access request (SAR) is simply a written request made by or on behalf of an individual for the information which he or she is entitled to ask for. The request does not have to be in any particular form. See Principle 9 of PIPEDA.

Training must be carried out to facilitate the following steps:

- Recognize the subject access request
- Identify the individual making the subject access request
- Act swiftly and clarify the subject access request
- Identify personal data to be disclosed
- Identify personal data exemptions

An employment policy review is conducted to ensure the human resources department has clearly communicated the data protection policies within the organization. It is important to deliver and record data protection training.

Each employee should be able to reference their employee rights, which will clearly demonstrate their data protection rights; these are regarded as an individual human right in North America.

A processor agreement is a legal document provided by a data protection team to demonstrate that the organization has binding rules agreed with all third-party vendors when sharing personally identifiable information. Having one of these will dramatically lower the risk around identity theft in any and all data flows when business-to-business communications are required.

A data protection officer (DPO) is an enterprise security leadership role required by the governing data authority. Data protection officers are responsible for overseeing a company’s data protection strategy and its implementation to ensure compliance with data protection requirements.
