PrivacyOps Certification

Course content
Create Account

Log in / Create account to save progress and earn badges

Module 0
Introduction to the PrivacyOps Certification
5 Topics
Overview: Introduction to the PrivacyOps Certification
Learning Objectives
Why Data Privacy is Important Today?
The Concept of PrivacyOps and its Benefits
Course Content and Brief Introductions
Module 1
The Modern Privacy Landscape
9 Topics | 1 Quiz
Overview: The Modern Privacy Landscape
What is Data Privacy?
Personal Data and Sensitive Personal Data
The 7 Principles of Data Protection
Data Privacy Approaches: Privacy-by-design & Privacy-by-default
Modern Privacy Laws Explained
Consequences of Data Protection and Non-compliance Failures
An Organization’s Obligations to Protect Personal Data
Feedback
The Modern Privacy Landscape Quiz
Module 2
Privacy Law compliance and PrivacyOps
12 Topics | 1 Quiz
Overview: Privacy Law Compliance and PrivacyOps
The Rapidly Changing Privacy Landscape
Issues with the Legacy Privacy Management Approach
What is PrivacyOps?
The Benefits of the PrivacyOps Approach
The Building Blocks of a PrivacyOps Platform
The Maturity Levels of PrivacyOps
Maturity Level 2 of PrivacyOps Explained
How to Adopt the PrivacyOps Approach?
The Critical Elements of a PrivacyOps Platform
Centralized Privacy Center – Try it now, it’s Free
Feedback
Privacy Law compliance and PrivacyOps Quiz
Module 3
Sensitive Data Intelligence
7 Topics | 1 Quiz
Overview: Sensitive Data Intelligence
What is Sensitive Data Intelligence?
Why Do Organizations Need Sensitive data Intelligence?
The Sensitive Data Intelligence Adoption Process
Sensitive Data Intelligence as a Foundation for PrivacyOps Compliance
Features of an Ideal Sensitive Data Intelligence Solution
Feedback
Sensitive Data Intelligence Quiz
Module 4
Data Mapping Automation
9 Topics | 1 Quiz
Overview: Data Mapping Automation
What is Data Mapping?
Why Do Organizations Need a Modern Data Mapping Solution?
What Questions Does Data Mapping Help Answer?
The PrivacyOps Approach to Data Mapping
Challenges and Solutions of Data Mapping Explained
The Data Mapping Process Explained
Data Mapping Maturity Levels
Feedback
Data Mapping Quiz
Module 5
Data Subject Rights Fulfillment Automation
10 Topics | 1 Quiz
Overview: DSR Fulfillment Automation
Data Subjects Rights (DSRs) Types
Manual DSR Fulfillment Problems
Automated DSR Fulfillment
Features of a PrivacyOps DSR Fulfillment Solution
Challenges & Solutions of DSR Fulfillment
The DSR Fulfillment Process
The DSR Fulfillment Maturity Levels
Centralized Privacy Center – Try it now, it’s Free
Feedback
Data Subject Rights Fulfillment Automation Quiz
Module 6
Assessment Automation
8 Topics | 1 Quiz
Overview: Assessment Automation
What is an Assessment?
Why do Organizations Need Assessments?
Types of Assessments
Manual Assessment Methods and their Challenges
How Can PrivacyOps Platforms Ease the Assessment Process?
How Are Assessments Conducted in a PrivacyOps Platform?
Feedback
Assessment Automation Quiz
Module 7
Consent Lifecycle Management
11 Topics | 1 Quiz
Consent Lifecycle Management
What is Consent?
What are the elements of valid consent
Opt-in and Opt-out consent regimes
Which countries are Opt-in or Opt-out consent regimes?
What is Universal Consent Management?
How Do PrivacyOps platforms automate Universal Consent Management?
What is Cookie Consent Management?
How Do PrivacyOps platforms automate Cookie Consent Management?
Centralized Privacy Center – Try it now, it’s Free
Feedback
Consent Lifecycle Management Quiz
Module 8
Privacy Notice Creation & Management
8 Topics | 1 Quiz
Overview: Privacy Notice Creation & Management
What are Privacy Notices & why are they important?
The Relationship between Privacy Notices and Risk
The Challenges of Manually Creating & Managing Privacy Notices
PrivacyOps Approach to Privacy Notice Creation & Management
The Two Maturity Levels of Privacy Notice Creation & Management
Centralized Privacy Center – Try it now, it’s Free
Feedback
Privacy Notice Creation/Management Quiz
Module 9
Incident and Data Breach Management
7 Topics | 1 Quiz
Overview: Incident and Breach Management
How to Prevent a Personal Data Breach?
The Steps of a Breach Response Mechanism
Breach Notification Requirements in Major Privacy Laws
The Challenges of Effective Breach Management
Breach Management Automation in a PrivacyOps Platform
Feedback
Incident and Data Breach Management Quiz
Module 10
Vendor Assessment Automation
9 Topics | 1 Quiz
Overview
What is a Vendor Assessment?
Why Should Organizations Assess Vendors?
Liabilities of Data Controllers and Vendors’ Non-Compliance Risks
Issues of Manually Assessing Vendor Privacy
The PrivacyOps Solution to Vendor Assessments
How Vendor Assessments Work in a PrivacyOps Platform
How Vendor Privacy Risk Monitoring and Ratings Work
Feedback
Vendor Assessments Quiz
Module 11
Conclusion
6 Topics
Overview: Conclusion
The Need for Effective Data Privacy Management Today
Why Existing Data Privacy Management Practices are Obsolete
The PrivacyOps Approach to Data Privacy Management
How Securiti Helps Simplify Data Privacy Management
Centralized Privacy Center – Try it now, it’s Free
Module 12
Certification Exam
1 Quiz
Certification Exam
Module 13
Course Survey
PrivacyOps Certification
View course details →

Liabilities of Data Controllers and Vendors’ Non-Compliance Risks

Mark Complete Enroll now to save progress and earn badges. Click to continue.
PrivacyOps Certification Vendor Assessment Automation Liabilities of Data Controllers and Vendors’ Non-Compliance Risks

The European Union’s General Data Protection Regulation:

Under the GDPR, the data controller is responsible for assessing its processor’s compliance with the GDPR’s requirements. This assessment takes into account the nature of the processing and the risks to the data subjects. Article 28(1) of the GDPR states that “where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.”

Although data controllers are primarily responsible for their processors’ GDPR compliance, this does not mean GDPR compliance isn’t a concern for the data processor or the vendor. Article 28(3) of the GDPR requires businesses to engage vendors for data processing with a written contract. The contract should set the subject matter, data processing duration, nature, and purpose of processing, the type of personal data and categories of data subjects, and the controller’s obligations and rights. Such a contract must stipulate that the vendor or processor will process the personal data only on documented instructions from the controller and other reasonable safeguards to ensure proper data privacy compliance under the GDPR. 

However, a data controller would be primarily responsible for ensuring the compliance of its data processors. Regardless of the terms of the contract with a data processor, the data controller may face sanctions under the GDPR.  Data controllers are also required to ensure data processors’ compliance on an ongoing basis to comply with the accountability principle and demonstrate due diligence under the GDPR.

The California Consumer Privacy Act:

Under the CCPA, businesses that share consumer personal information with vendors and service providers assess their vendors to understand existing gaps against CCPA. CCPA requires businesses to provide specified information to consumers about their vendor data sharing. It also requires companies to notify their vendors when a consumer has submitted a data subject rights request under the privacy law. Businesses also ensure that service provider entities understand and respect the consumers’ data rights and do not use the data in any manner inconsistent with CCPA requirements.

Under the CCPA, a service provider is an entity that processes information on behalf of a business (the data controller). For proper privacy compliance, the CCPA makes it mandatory for businesses to sign written contracts with vendors, service providers, or any other entities selling or disclosing consumer data for any commercial and business purpose. The contract should prohibit the service provider from retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract. A service provider is liable for civil penalties if it uses the personal information received from businesses in violation of the CCPA. Suppose a service provider fails to cure CCPA violations within 30 days. In that case, it is liable for a civil penalty under laws pertaining to unfair competition in a lawsuit brought by the Attorney General.
With all these strict rules and regulations for data controllers and vendors in place, vendor assessments have become an obligation to stay compliant. It would allow data controllers to understand how to mitigate the risks of dealing with vendors. There have been various incidents in recent years where vendor data breaches have had catastrophic results. For example, in June 2019,  an unauthorized user gained access to Quest Diagnostic’s sensitive data through a billing vendor named the American Medical Collection Agency (AMCA). The hacker gained access to sensitive data of 11.9 million patients, including credit card numbers, bank account information, and social security numbers. The Quest Diagnostic breach was the most significant vendor data breach of all time. This is why organizations need to be careful in conducting vendor assessments before onboarding a vendor data processing vendor. Assessing vendors before partnering up is empirical to thrive in an era of strict data privacy regulations. Even the smallest let up in controls, be it by a vendor, can severely dent an organization’s credibility.

Previous Topic
Back to Lesson
Next Topic

Company

Resources

Terms

Get in touch

[email protected]
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128

Copyright © 2024 SECURITI.ai

Sitemap - XML Sitemap