From silos to synergy with Data Protection Authority
View(s):By Duruthu Edirimuni Chandrasekera
Many organisations continue to face significant challenges in data inventory, mainly those with multiple sub-business units or subsidiaries, all of which will be ironed out with the advent of the Data Protection Authority.
A common issue is the lack of a complete record of personal data, including its storage locations and access permissions.
There’s also inconsistent data handling where different departments, such as Marketing, Sales, and Operations, follow their own processes for collecting, sharing, and retaining personal data, Rajeeva Bandaranaike, Chairman, Data Protection Authority (DPA) told The Sunday Times Business.
This lack of standardisation makes it difficult to consolidate all personal information into one centralised location for the Data Protection Office, set to resume operations by early next year, to effectively manage and monitor compliance.
Some organisations may lack clarity as to what qualifies as a “reportable” incident under the Personal Data Protection Act (PDPA) to DPA. There are limited awareness and training, with employees often lacking adequate understanding of PDPA obligations and privacy best practices, making it challenging to embed a strong privacy culture across the organisation, Mr. Bandaranaike said.
“Technology gaps where legacy systems may not support access controls, encryption, or audit trails needed for compliance.” In balancing compliance and business needs organisations face pressure to meet business objectives while ensuring PDPA compliance, he added.
“For example, a company may be restricted from using its existing customer database for marketing communications, as the PDPA requires explicit consent. This can render previously collected data unusable and impact marketing effectiveness.”
Continuous monitoring is not easy, he said as it-it’s hard to maintain ongoing compliance; most organisations focus only during audits or certifications.
Lack of top-management ownership-privacy is seen as an IT or legal issue, not a strategic business responsibility, he pointed out.
“There are resource constraints, especially for small and medium entities that lack dedicated privacy teams or budgets.”
Hitad.lk has you covered with quality used or brand new cars for sale that are budget friendly yet reliable! Now is the time to sell your old ride for something more attractive to today's modern automotive market demands. Browse through our selection of affordable options now on Hitad.lk before deciding on what will work best for you!