Data privacy compliance management system for the Data Privacy Office, De La Salle University, Manila

Date of Publication

1-3-2021

Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Information Systems

Subject Categories

Databases and Information Systems

College

College of Computer Studies

Department/Unit

Information Technology

Thesis Advisor

Danny C. Cheng

Defense Panel Chair

Lissa Andrea K. Magpantay

Defense Panel Member

Oliver A. Malabanan

Abstract/Summary

As the implementation of The Data Privacy Act of 2012 took place from 2016 until today, every institution in the Philippines has been required to conduct a compliance analysis of the Data Privacy, and the campus is no exception. De La Salle University's Data Privacy Office has been initiated in 2018 with an objective to conduct collection of Personal Data and Impact Assessment that has been submitted by the Internal Offices of the campus. Regarding this, the process of having to review all the submitted processes, their corresponding metadata, and the risk assessment, which are all recorded into separated spreadsheets per office, has been a challenge that has been faced by the office. In addition, the collection of consent has been an issue raised, since it has been collected, but not able to manage properly, due to lack of proper storage and monitoring. The issues raised above affected the office’s ability in generating reports, which might help them in prioritizing the offices and data processes with higher level of risk of handling personal data.

This paper introduces the development of the Data Privacy and Compliance Management System (DPC.ms) for the Data Privacy Office of De La Salle University. A management system that aims to solve the office's issue in generating essential reports, and storing collected consent that's needed for the internal data processes within the university; which are both required for the compliance of Data Privacy. This system consists of the following features that assist in the ease-of-business between the University Office Representatives and the Data Privacy Officer; namely – Batch Uploading of Internal Processes, CRUD functionality for the Metadata (e.g. Data Elements, Data Subject, Legal Basis, etc.), Risk Assessment Auto-calculation, Impact and Likelihood Questionnaire, and Consent Inventory Collection.

Abstract Format

html

Language

English

Format

Electronic

Physical Description

235 leaves

Keywords

Data privacy; Compliant platforms; Information storage and retrieval systems--Data privacy

Upload Full Text

wf_yes

Embargo Period

1-3-2021

This document is currently not available here.

Share

COinS