In the previous webinars in this series, we have learned what Personally Identifiable Information (PII) is and how to manage the ways in which it enters your organization. But what are the compliance obligations once that data has been collected? What are the technical issues we need to care about in managing any sensitive information we control? Topics in this webinar include securing PII and defining the necessary access permissions, as well as ensuring that individual records can be removed if the data subject requests it. How should data backups and PII stored in older, legacy systems be handled? What actions are required if a data breach is detected?

Our speaker:
Alex Cespedes is an Independent Data Protection Consultant. Alex is a data protection consultant supporting organizations in Thailand to reach compliance with the Personal Data Protection Act (PDPA) and the Cybersecurity Act, while leveraging his EU experience with the General Data Protection Regulation (GDPR) and the Directive for Network and Information Security (NIS Directive). 

Alex is also the chair of the International Association of Privacy Professionals (IAPP) KnowledgeNet Chapter in Bangkok. In this context he organizes learning and networking events with representatives from industry and academia. In the past 10 years, Alex has worked on data risk and compliance projects across Europe, both in the private and public sector. He has developed a multidisciplinary approach to solving data protection issues from an organizational, technical, and legal point of view with a focus on information security.