Know your partner
Applying the registration conditions to the MYOBI Trust Network, in particular to its own information ecosystem, is an example of organizing the accountability for authenticating the identity of the company and the legal representative (know your partner). The controlled exchange of company and personal data is aimed at accountability for protecting personal data (effectively safeguarding the rights of data subjects). For each of the examples, there is a European and/or national supervisor who oversees compliance with accountability.
Organize accountability with the TTP policy
The Accountability Seal Policy is part of MYOBI’s TTP policy that regulates accountability for compliance with this policy. Based on an Accountability Seal, the management of a company is accountable to society and the other users of the trust network in particular. For this it is necessary to organize compliance for the Accountability Seal.
How can we help you?
Do you have questions about organizing, implementing or expanding your accountability? Our service owner, Caroline Willemse AA RE RFG or her colleagues, would be happy to discuss your specific case.
It is efficient to include compliance with the TTP policy covering legal accountability for protecting data into the existing accountability cycle. By aligning the timelines for the accounts, synergy is created in compliance activities and efforts and costs can be reduced. Efficiency is increased with an integrated compliance approach to all these obligations.
The correct accountability every year
In order to be able to account for the entire year at the end of a year, sufficient compliance activities must be carried out during the year. Interim results of reporting may give rise to adjustments. Based on a calendar year as the accounting period, the following is prepared in the first quarter of the new year for the previous year:
- the self-declaration of the management; and
- the confirmation of the self-declaration by the data protection officer (DPO).
The self-declaration consists of a statement by the management about the maturity level achieved and the ambition for the coming year. This statement will be confirmed by the Company’s DPO or a designated DPO.
Accounting for compliance with legal (GDPR and/or TSA) and contractual requirements requires a decisive approach. To protect personal data, we start by identifying the business activities, the processes that support these activities, the risks that may arise for the company and/or the data subjects and taking measures that work effectively. As much as possible is connected to available (standard) baselines that are supplemented with company-specific measures. Based on the risk analysis, it can be determined how often it must be established that a measure is effective. Then comes the organization in the organization of those responsible and executives who determine the effectiveness of the control measures in accordance with the determined periodicity.
To protect trade secrets, we start by going through the business activities and thereby making an inventory of which trade secrets there are. We can make a proposal for a policy in which the company management provides employees with guidelines on how to deal with trade secrets. After a risk analysis, the measures are set up to protect the trade secrets and to periodically establish whether these measures work effectively.
A company faces liability and cost risks if it is unable to meet its accountability obligations. This not only concerns fines or claims from the regulator, but also from those whose personal data is processed. In addition, there is a risk of reputational damage if data breaches occur that have not been discovered or have been handled incorrectly. In order to be able to account for itself, it is necessary that the company has effectively organized the protection of personal data.
The MYOBI Trust Network offers companies a practical accountability mechanism. Central to this is the organization of compliance by the company with legal and contractual obligations, in particular the TTP policy and therefore also with the TTP Code of Conduct GDPR. Every year, the management expresses itself in a self-declaration about compliance with this code of conduct, expressed in a maturity level. The maturity level is published on the MYOBI website.
The accountability mechanism is explained on the knowledge base. See: organising accountability. We take care of the internal control of the accountability mechanism on behalf of MYOBI.
The importance for partners to account for compliance with the requirements of the GDPR and TSA is clear; Organizing compliance requires the necessary attention from company management, management and employees. A good conversation can be enough to allay uncertainty.
An important condition to be able to claim a breach of a trade secret is that the secret must be properly secured. A secret that is not properly protected may be labeled as “non-secret” by a judge because the company has not taken the necessary effective measures to keep it secret.
Organizing the protection of trade secrets is conditional in order to effectively protect trade secrets and – in the event of infringement – to obtain justice under the TSA. This means that a company must determine what its trade secrets are and what measures must be taken to protect the secret. It must then be arranged that it can be demonstrated that the measures have worked effectively.
An important measure is the conclusion of a confidentiality agreement with partners who need access to trade secrets for the execution of, for example, an (outsourcing) assignment. These partners must regularly account for compliance with the agreements made in this agreement. Such justifications are part of the company’s own responsibility.
It often happens that partners agree to mutually account for the confidential use of each other’s trade secrets.