BDO IT Consulting empowering local actors in data protection | 10 September 2022
With the enforcement of the Financial Consumer Protection Act (FCPA) in May, and the ongoing drafting of new legislation towards data protection in Seychelles, BDO IT Consulting held a Data Protection Awareness session yesterday at the Eden Bleu Hotel.
Grouping together thirty participants from numerous industries, including insurance, banking, financial services and telecommunications, the session was but the first in a series, focused on data privacy best practices, and the various requirements of the General Data Protection Regulation (GDPR).
The GDPR is a regulation in European Union (EU) law on data protection and privacy. Deemed the toughest privacy and security law in the world, the legislation imposes obligations on organisations around the globe, provided they collect data on, or target, EU citizens. It came into effect on May 25, 2018.
Facilitated by the manager of IT Governance and Consulting of BDO Mauritius, Deepshi Hujoory, and partner Krishna Radhakeesoon, the interactive session centred around the various principles for organisations and institutions to toughen data protection, also covering data privacy, privacy governance, personal data inventory, data subject rights and data breaches.
As per Ms Hujoory, the world is now moving towards protection of personal data, which is processed across many industries. BDO Seychelles assisted its member firm in organising the first training programme since the outbreak of the pandemic, in a bid to determine the level of understanding, and the general perception about data privacy.
“We have the GDPR, and we also have Acts coming into force in East Africa, in Mauritius, and also in Seychelles. We cannot just come in and enforce a law, and expect people to come and put everything in place for the law. We need to have that privacy culture embedded in their minds and for that, it is important to have the basic awareness sessions, explain to them the importance, and only then can it become a culture. We are trying to develop a culture, and not just implementing something on paper, enacting laws, and such,” she said.
Neighbouring Mauritius enforced its own Data Protection Act in December 201, although it has taken some organisations some time to familiarise themselves with the obligations. Others have from early on embraced the regulations, and are well advanced and perfecting their methodologies.
“Typically we see that the financial services are typically a bit ahead of the game, but if we compare the two countries (Seychelles and Mauritius), from a cyber security point of view, financial services are ahead. It is a similar track. A number of initiatives are ongoing, the Central Bank of Seychelles has got its own cyber security guideline, which has been issued well before Mauritius actually, and it is very concise, to the point and to the local context, which is very good,” Mr Radhakeesoon added.
BDO has assisted a number of banking institutions in Seychelles in implementing the framework.
It is essential that there is proper change management in implementing the provisions of data protection and security laws, and that end-users understand their rights, the do’s and don’ts, and the rationale behind the collection of personal data. The more aware people are, and the better they understand their rights, the more likely they are to comply. This calls for a balancing act, whereby companies and organisations on one side, and users on the other, are both aware of the legal obligations, the processes and procedures, and the rationale behind them.
Organisations are increasingly striving to become ISO 27001 certified. ISO 27001 is the leading international standard focused on information security, published by the International Organisation for Standardisation (ISO) in partnership with the International Electrotechnical Commission (IEC). It provides a framework to help organisations of any size or industry protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System (ISMS).
“It is a label which tells consumers that their data is safe. The ISMS is working and if you top that up with ISO 27001 for data privacy, you have the best, an integrated approach, to help manage the data from a data security and data privacy point of view.”
“From the people perspective, I find that Seychellois people are more engaged. When something is coming, they want to do it properly and get it done. In Mauritius, sometimes the process is delayed, but here, whenever it’s done, it is done properly,” Mr Radhakeesoon added.
BDO intends to organise further awareness sessions, as well as advanced training sessions, tailored to the local environment.
The organisation offers numerous services to businesses centred around data privacy and security.
Laura Pillay
Photos by Joena Meme