One 、 Data security and privacy

Privacy compliance is an important part of data security , In addition to meeting the data security requirements within the enterprise , It also needs to meet all applicable legal and regulatory requirements . The definition of privacy , It refers to the personal affairs enjoyed by natural persons 、 The right not to be known by others , And the right not to be disturbed or monitored .

Usually, the privacy we refer to here is mainly the privacy of the online world , These privacy are based on data , So it is also called personal information or personal data . Personal data is Have been identified perhaps Recognizable Any data related to natural persons .

Identified data , It refers to the data that can uniquely identify a natural person , Such as name 、 Well known network ID、 ID number, etc .

Recognizable data , It refers to data that does not contain data that can directly determine a natural person , But through the existing information , Through analysis or reasoning, the data of a natural person can be determined .

Two 、 Compliance and legal compliance

So far N Countries and regions have enacted laws related to privacy protection , But we don't all need to comply , For these laws and regulations ：

First , Only when we do business in the corresponding country , Their laws and regulations come into force for us , For many domestic companies , We only need to pay attention to a few laws and regulations . It should be noted that , If you provide network services , For example, the website involves the registration and access of unspecified users , This may involve processing personal data of local residents .

second , The requirements of laws and regulations related to privacy protection in various countries are also learning from each other , So most of the clauses are similar or repeated , Therefore, we only need to comply with a relatively strict regulation to meet most compliance requirements , A small number of inconsistencies only need a single processing of the involved business .

3、 ... and 、 From external regulation to internal regulation

The first step from external regulation to internal regulation , The most important external laws and regulations applicable to the business 、 Best practice framework for decomposition and reorganization , In decomposition and reorganization , Split these terms by field , Then summarize and reorganize , Remove duplicates . for example , Group all role definition classes , All data lifecycle classes are grouped together, and so on . This is actually a process of integrating all regulations .

After decomposition and reorganization , Form a compliance benchmark within the enterprise , Then all internal work is carried out based on this compliance benchmark .

Next , These compliance benchmarks need to be used as input to the development of internal document systems , Will comply with the requirements of the benchmark , Return one by one in the internal document system , For example, put it in the general policy outline 、 Management regulations 、 Internal standards 、 Technical specifications, etc . This is actually a process of integrating into internal documents .

This mode , To a large extent, it avoids the risk of external mandatory requirements without internal documents . The business is in the process of compliance improvement , You only need to find a few policy documents corresponding to your field to carry out the work , Improve the efficiency of the business department .

meanwhile , The bridge in the middle needs to change according to the outside , Such as the new legislation 、 New practice 、 New risks, etc , Make regular updates , As the input of all other privacy protection work . In fact, it's not just a document system , The work of the whole privacy protection system , Can be based on such decomposition and reorganization results .

Four 、 Reference material

For the implementation of privacy protection , You can refer to the blogger's 【 Privacy compliance 】 special column .