Data Privacy Governance: Building a Strong Framework for Accountability

by Yasmin Mortaza , CelcomDigi Senior Privacy Specialist

With the rise of AI and cutting-edge tech, conversations around data privacy have become almost inevitable—it's the buzzword on everyone’s mind, or at the very least on the privacy professionals’ mind!

It’s a good thing but privacy isn’t just a box to tick - it’s about accountability and earning the trust of customers and partners. While having a robust framework is crucial, it’s only the starting point. We need to continuously measure, refine, and adapt our privacy practices to keep pace with the digital age. It’s at the core of everything we do, especially when handling data for over 20 million customers.

Our privacy framework spans across all departments and it includes a self-assessment process, ensuring that privacy controls are integrated into every part of the business. But we cannot stop here – my boss always says, “A green report card is not always a good thing. We must know what the gaps are, we need to be honest about where we are, so we can make meaningful progress.” We aim to undergo third-party assessments to ensure our controls are effective, adaptable and up-to-date. After all, data privacy is a moving target!

So, how do we do this?

• Knowing the business and the stakeholders - vendors, retail partners, and internal teams - who will be processing customers’ data – they are the first line of defense!
• Data classification – Know what data we collect, for what purpose and how do we manage them.
• Understanding the maturity level of an organisation is very important before setting the KPIs. These include monitoring breaches, assessing vendor relationships, and reviewing Data Protection Impact Assessments (DPIAs).
• Privacy tools and constant monitoring play a critical role, but so does due diligence.

With AI and new technologies, we must future-proof our privacy strategies. The principles of data protection are timeless, but the application needs to evolve. This is why we advocate for constant dialogue with privacy professionals and data custodians in what we call the “Trust Circle.”

AI, while promising, brings new challenges. We often see gaps in knowledge when dealing with AI, and we aim to fill those gaps through continuous engagement, ensuring our privacy practices remains agile.