Page 315 - DMGT308_CUSTOMER_RELATIONSHIP_MANAGEMENT

Customer Relationship Management




3.  Steps should be taken to prevent unauthorised access to personal data, including unauthorised physical access to the premises, data and programs, and unauthorised operation of the equipment of the data controller or processor.

4.  The identity of persons who have access to the information network should be logged.

5.  The organisation must appoint specific staff (such as a security officer) to maintain the security of data and to protect the data from theft, alteration, destruction, loss or disclosure.

6.  Some laws also mandate technical procedures and measures to protect data while in transmission. This includes an obligation to transfer data only in encrypted form with a digital signature.

7.  In some countries, the data regulator is responsible for ensuring the credibility and integrity of the data controllers handling the information and for ensuring that the equipment used is of a high standard.

8.  Some countries also place an obligation on organisations to inform data subjects of security incidents that may lead to a threat of unauthorised disclosure of personal data.

9.  Privacy impact assessments are to be conducted by independent authorities in the form of transparent audits, for the protection of personal data.

10. A code of practice is to be adopted to measure the efficiency and level of protection of personal data.

11. A response plan is to be formulated by organisations, setting out the appropriate action to be taken for a breach of data protection laws.

12. The technical and organisational measures to be undertaken by data controllers must be proportionate to the existing risk, the sensitive nature of the information and its consequences for the data subject.

When processing is carried out by service providers, the controlling authority must enter into a contract that sets out the scope, content and obligations of the processing and guarantees the service providers' compliance with data protection principles.

1.  On encountering a security breach during processing, the data subjects must be informed about the potential pecuniary and non-pecuniary effects of such a breach. This information must be provided well in advance.

2.  Mechanisms that prevent and detect breaches, based on a standardised model of information security governance/management, must be implemented.

3.  Periodic internal training, education and awareness programmes aimed at a better understanding of data protection principles and security issues must be implemented.

4.  Data privacy officers with adequate qualifications, resources and powers for supervisory functions must be appointed to oversee the functioning of data controllers.

5.  A response plan that establishes guidelines for verifying a breach of applicable law, the cause and extent of the breach, its harmful effects and appropriate measures to avoid future breaches must be implemented.

6.  Data supervising authorities must ensure the following security standards are maintained:

    (a)  Supervisors must be impartial, independent and have the technical competence and adequate resources to carry out their functions;

    (b)  Supervisors must ensure coordination, so that uniform standards of data protection are maintained at national level, by sharing reports, investigative techniques and other necessary information; and


          310                               LOVELY PROFESSIONAL UNIVERSITY