Services Industries Cloud Cybersecurity Digital EngineeringNXT HOLMES Geographies

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
< Cybersecurity

Risk based approach to data privacy

fav-article
Services
Industries
Cloud
Cybersecurity
Digital
EngineeringNXT
HOLMES
Geographies
Contact Us
About Wipro
Careers
Locations
Leadership
Investors
Innovation
News and Events
Blogs
Analyst speak
Products & Platforms
Partner Ecosystem
Sustainability

Risk based approach to data privacy can help businesses manage global data privacy risks, apply, calibrate and enforce controls based on the risk exposure, in a manner that is flexible and more agile.

Personal information has huge potential to create economic and social value for both the customers and the organizations who serve them. The ability of the organizations to acquire and use personal information to launch new products, services and enhancing customer experience has increased immensely with innovative use of technology; however, it also increases the risk to the privacy of personal information. Ensuring data privacy through every stage of information life cycle (collection, storage, processing, retention, sharing and disposal) has become very critical for organizations to stay relevant. Evidently there is a need for organizations to take a risk based approach to data privacy and protect personal information to maintain business competitive edge. Risk based approach to privacy is a process that allows organizations to identify potential high risks and focus their efforts towards high risk areas. This white paper explores a risk based approach to privacy with the intention of helping the organizations to manage data privacy effectively. 

New horizons – new risks

Technology is growing in a rapid manner to enable business growth and the amount of data is proliferating at an exponential rate. The risks to privacy of personal information has been and will continue to be affected by automation and adoption of new technologies in every industry and every geography and across all functions. 

Risk based approach to data privacy

Figure 1 : New Technology Adoption & New Business Models Bring Privacy Risks

The key trends that are altering the threat landscape include adoption of Cloud, expanding usage of mobile applications, social media, location based services, machine to machine communications, Internet of Things, mobile advertising, wearable devices, etc. With the privacy regulations enforcing principles like ‘Right to be forgotten’, ‘Privacy by Design’, ‘Data Portability,’ etc., a checkbox approach to data privacy is not sustainable. A paradigm shift in privacy mindset is necessary to mitigate these risks arising due to usage of these disruptive technologies.

Data privacy challenges

All the data privacy acts provide only guidelines for privacy compliance and do not contain any control framework or standards for ensuring compliance. The privacy laws are based on principles; hence, they are subject to interpretation, leaving it both to organizations to decide on how to implement these principles, and to regulators on how to interpret and impose the law. 

Risk based approach to data privacy

Figure 2 : Current State of Data Privacy in a Hyper Connected Ecosystem

Data privacy challenges

Today there is no standard methodology to implement privacy controls and comply with the privacy principles obligations that are imposed by the regulators. To comply with the privacy principles, each organization has to derive their own methodology for achieving compliance. The privacy compliance becomes complicated when an organization services customers across multiple geographies where multiple country regulations come into the picture.

Risk based approach would bridge the gap between the privacy principles on one hand, and privacy controls on the other, using a methodology that would help organizations to apply, calibrate and implement privacy requirements appropriately and effectively. A risk based approach to data privacy can help organizations enforce controls based on the risk exposure, in a manner that is flexible and more agile.

Proactive approach to data privacy

Organizations must take a proactive approach to data privacy by creating a data privacy standard and privacy control framework, which can be applied consistently across all functions and geographies to minimize complexity and maximize data protection. Such a framework must provide guidance on what constitutes personal data, what are the requirements for personal data collection, process of managing consent, rules for accessing and using personal data, how to classify and protect personal data, implement the right set of processes and controls based on the risk. This should be followed by creating a data privacy strategy that would help the organizations to manage the privacy of data life cycle right from data collection, storage to disposal.

  1. Assess your privacy risk posture: Identify the assets, business processes, type of PII being collected, stored, processed & transferred by the organization. Develop a detailed threat profile by considering the various threat actors, threat vectors and the threat impacts to calculate the risk level. 
  2. Ongoing privacy impact assessment: Conduct a PIA for new projects, new application development, existing critical applications that stores or process PII & also to changes to business processes. Automate PIA using GRC tools.
  3. Build a privacy aware culture: Embed privacy as a central element of value proposition. Build a privacyware organization by conducting privacy trainings, awareness campaigns, and by conducting data privacy events. 
  4. Build product and services with privacy mind: Privacy must be built into products and services by design and by default. Integrate privacy into SDLC lifecycle. Collect data only that which is absolutely needed for processing, to minimize compliance risk and increase customer trust in the product and services. Provide notice, choice and transparency to customer. 
  5. Embrace privacy as a core business value: Look for opportunities to drive value from privacy Bring economic and social value to customers by enabling optimal use for personal information.
  6. Make privacy a brand differentiator: Organizations that respect the customer privacy, and promote trust and transparency are most successful in the industry. Use privacy as a differentiator to gain competitive edge in the industry. 

The road ahead

Data is becoming a fundamental asset in the digital transformation of economies. The increasing use of disruptive technologies has created an unprecedented flow of personal information. Data subjects are becoming increasingly aware of their privacy rights and are rightfully demanding more control over how their personal information is used, shared, and assurances that the privacy of their personal data will be protected.

Organizations across industries and geographies continue to be challenged by disruptive technologies. The boundaries of the digital world are not fully established. The data breaches continue to make headlines and data privacy has become a focal point of discussions in boardroom. Data breaches can do irreparable harm to the organizations brand equity, credibility, trust and customer relationship. It is apparent that there is no one-size-fits-all solution that is available to comply with the ever evolving data privacy regulations. There is a need for organizations to take a comprehensive risk based approach to privacy where globally defined privacy risks are identified and countermeasures are built. This would be far more effective and more likely to respond to cross-border requirements. 

About the Author

Ramkumar Narayanan is a Senior Practice Manager for Wipro’s Cybersecurity & Risk Services (CRS) business. He heads the data privacy and data security governance practice within CRS, and is currently responsible for making Wipro's customers succeed in their data privacy and security journey.

He can be reached at ramkumar.narayanan@wipro.com

Related Articles

Image not found
How a top telco launched its business in the US market on Cloud

Wipro delivered best in class AWS cloud based security solution comprising of native and third party security controls to meet customer’s business needs..

Image not found
Application Onboarding Streamlined

Wipro enables compliance to regulatory bodies through 150% faster onboarding of critical applications and removal of open business sensitive risks for a leading banking organization

X