CRAFTY LEARNS

Privacy for non-privacy lawyers

Market trends, practical problems, and their solutions

Facilitated by Alvarez & Marsal:

  • Samita Patel, Senior Director (samita.patel@alvarezandmarsal.com)
  • Sam Lowe, Director (sam.lowe@alvarezandmarsal.com)

1. Understand the data flows:

  • What personal data is involved?
  • Whose personal data is it?
  • Where does it come from, where is it stored and where does it go?
  • What parties are involved and what are their roles?
  • How long is it kept for?

2. Consider the privacy principles:

  • Make sure processing is lawful, fair, and transparent
  • Have specific, explicit and legitimate purposes for personal data use (and do not use for other incompatible purposes)
  • Only use personal data that is adequate, relevant, and necessary
  • Keep personal data accurate and up-to-date
  • Do not keep personal data longer than is necessary
  • Put in place appropriate organisational and technical measures according to the processing risk
  • Be able to demonstrate compliance

3. Manage the risk and expectations:

  • For individuals and maintaining their rights
  • For your organisation
  • For wider stakeholders: shareholders, business partners, regulators

4. Think about responses:

  • Ad-hoc measures
  • Policy, procedures and processes
  • Roles and responsibilities
  • Culture and awareness

5. And remember these are risk-based rules:

  • What is proportionate considering the risk
  • What are industry practices and commercial realities
  • What are competing rights and obligations
  • Who should own risk approval and acceptance

If you want to learn more about this topic, here are some additional resources:

  • Reach out to the Alvarez & Marsal team

Continue reading

Next page