Companies Urged to Strengthen Data Governance Frameworks

In a recent workshop hosted by the Mauritius Institute of Directors, Drudeisha Madhub, the Data Protection Commissioner, renewed her call to business leaders, emphasizing the importance of protecting the data of customers, employees, and partners. She highlighted the necessity for companies to fully comply with data protection legislation and implement an effective Data Governance Framework.

“Without a proper Data Governance Framework, we cannot handle and manage data correctly,” Madhub asserted.

“This framework enables data controllers and processors to confidently set goals, measure performance, strategize, and uncover new opportunities.”

She stressed that the implementation of this framework is a significant responsibility that all businesses must embrace.

Madhub pointed out a worrying statistic: 83% of companies admit they struggle to convert fragmented data points into comprehensive user records.

This challenge has led to a rise in the adoption of Customer Data Platforms (CDPs), which help to centralize and manage customer data for the benefit of all stakeholders.

The Commissioner also raised concerns about the potential consequences of inadequate data governance.

“Without a Data Governance Framework, a company cannot ensure the quality or compliance of its data, nor adhere to privacy regulations,” she warned.

Madhub expressed her dismay that local businesses have historically mishandled customer data, putting them at risk of legal troubles and substantial fines under the General Data Protection Regulation (GDPR).

Moreover, the potential reputational damage from data mismanagement cannot be underestimated.

“I am quite cynical about this issue; many local businesses still believe that having a robust data protection framework is not important,” she noted.

Madhub emphasized that the enforcement of data protection laws relies heavily on a collaborative approach between the Data Protection Office (DPO), data managers, and the government, stating:

“If one element of this triangle is missing, nothing works.”

Despite these challenges, Madhub remained optimistic about progress in data governance.

During the workshop, she discussed the DPO’s powers to ensure compliance and investigate complaints.

Typically, this involves negotiating amicable solutions, providing lists of remedial measures, and following up to ensure implementation.

“We have the power of entry and search and can delegate some of these authorities to the police or another authorized officer to assist us in our investigations,” Madhub explained.

“We are already utilizing this approach in several cases.”

Given these regulatory dynamics, Madhub underscored the need for businesses to rigorously discipline their data processing and management practices, emphasizing the importance of maintaining accurate records.

“If a company is called to court, what evidence can you present if you lack proper documentation?” she questioned.

“Without solid data protection practices, your company will be perceived as untrustworthy.”

She also highlighted the rights of individuals under data protection laws, including the right to restrict how their data is processed, to request access to their data, to know who is holding it, and to seek limits on its processing.

Violating these laws is a criminal offense; companies that fail to register with the DPO or lack a Data Protection Officer are committing infractions.

Madhub also addressed the dangers posed by social media and artificial intelligence (AI).

She warned against the risks of deepfakes and the misuse of AI technology, noting that image generators are often trained on extensive datasets sourced from social media without users’ consent.

This practice can lead to serious violations of privacy, as individuals may be unaware that their images are being used to train AI models.

“The emergence of generative AI presents new challenges for security regulations,” she said, cautioning that these technologies could potentially replicate copyrighted material, leading to legal disputes over intellectual property rights.

Furthermore, the misuse of AI-generated content may have negative mental health impacts, as exposure to hyper-realistic deepfakes can cause confusion, psychological distress, and deteriorate public trust.

In conclusion, the Data Protection Commissioner’s continued advocacy for stronger data governance frameworks underlines the critical need for businesses to prioritize data protection in an increasingly data-driven world.

Source: Le Mauricien