Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerate: Challenges & Learnings


Published on

It is one thing to understad what the various applicable Privacy laws & standards require an organization to do and another thing to actually implement a program to deliver on this requirement within the organization. Data Privacy programs cut across almost all functions & teams in an organization - all of whom need to work in sync to 'make it all happen'. When it is a large conglomerate spanning multiple countries and entities, this challenge is further amplified. This session discusses these real life issues and challenges.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerate: Challenges & Learnings

  1. 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur IMPLEMENTING PRIVACY IN A LARGE CONGLOMERATE Gauri Vishwas Aditya Birla Group Information Security & Privacy Lead
  2. 2. SACON 2020 Approach that we took • WHAT should be done ? • HOW to do it ? • WHY ? • GDPR compliance • Brand & reputation • Other privacy regulations
  3. 3. SACON 2020 GDPR Compliance Understand the scope- Data Inventory and mapping Privacy Assessment- GDPR Gap Assessment and reporting Remediate gaps Other privacy regulationsEstablish a privacy framework at the group level What did we do ?
  4. 4. SACON 2020 • Select Framework • Map the gaps against a framework – ‘Must haves’ • Identify best practices and map in the framework- ‘Good to have’ How did we do it? Mapping Project scope
  5. 5. SACON 2020 1. VisibilityoverPersonalInformation 2. PrivacyOrganization&Relations 3. PrivacyPolicyandProcesses 4. RegulatoryComplianceIntelligence 5. PrivacyContractmanagement 6. PrivacyMonitoring&IncidentManagement 7.InformationUsage&Access 8. PrivacyAwareness/Training 9. PersonalInformationSecurity 10. Governance Project Scope
  6. 6. SACON 2020 Training Plan- 3 segments of employees Awareness for end users Awareness for data handlers Awareness for privacy managers Privacy dos and don’ts Code of conduct 8. PrivacyAwareness/Training Project Scope - Detailed
  7. 7. SACON 2020 Awareness Learning Curve Clarity - Roles and Responsibilities Data is everywhere Challenges on the ground
  8. 8. SACON 2020 Awareness and sensitization workshops Build Capability- Its more than just a law! Structure & Role of Privacy Organization Top Driven Approach Technology assistance for building visibility into personal information Key learnings
  9. 9. SACON 2020 Thank You