Data Governance and Privacy Compliance

2. ASSESSMENT CONTENTS 2.1 ASSESSMENT AIM AND OVERVIEW The assessment is to be completed in two sections: In section 1 (Data Government and Management), students will set out the key characteristics a Data Governance Strategy for a fictional organisation outlining the most important considerations such as the programme rationale, outline organizational structure, roles and responsibilities to be assigned. In section 2 (Privacy and Data Protection), students will address issues related to privacy and data protection in the fictional organisation addressing such issues as personal data collection, storage and processing and the transfer data outside the EU such as to the US/UK, etc. 2.2 DETAILED DESCRIPTION OF REQUIREMENTS Students shall prepare and submit an essay/report using the following scenario. Section 1 (Data Governance and Management) (max 1200 words) You have just been recruited by a rapidly growing fintech company as a Data Governance and Management specialist. The business plan to double its market share over the next three years through growth in the number of customers, through new products and through increasing the value-added in its services. Your first job is to outline why the business needs design and implement a data governance program to ensure that all its business and compliance needs are met. You can illustrate your response with diagrams as appropriate. In your response, you should include the following: Three key reasons why a data governance program is needed in order for the organisation to develop in line with its business plan. What artefacts should be prepared to enable implementation of a programme including an identification of the key features of a data governance operating model that will facilitate alignment of business and technical needs. An overview of any organisational change required including what roles and responsibilities should be assigned and/or allocated, An identification of specific projects/actions that could be implemented as part of a data governance program implementation. Address the concerns of organisational stakeholders about the steps necessary to implement a data governance program. Section 2 (Privacy and Data protection) (max 1200 words) Your next major challenge is to provided briefing in relation to Privacy and Data protection for the organisation which is headquartered in Dublin, Ireland and therefore subject to Irish and European Union (EU) legislation. You have been asked by management to write a report about the legal, ethical and practical requirements related to data protection in Ireland and the EU including the relevant data protection laws and the practical steps for the organization to ensure compliance. Your report should cover the following subject areas: Provide an overview of the legal requirements related to privacy and data protection that the organisation should consider and how it might address these requirements in practice. In your response, identify the most significant legal provisions that it would need to address. Indicate clearly what are the responsibilities of the organisation in relation to the collection of personal data of customers and employees. Explain what measures the organisation should introduce to demonstrate that it is meeting its obligations to protect the integrity and security of personal data that it holds. The organisation is considering the need to engage the data processor in order to deliver its cloud-based services. Set out the relationship, and the roles and responsibilities of a data controller and a data processor relevant in this event. The organisation needs to transfer data to the United States and UK as part of its business model. Describe what aspects the company needs to consider for a data transferring agreement and what the implications would be for the company. 3.3 Report Submission Format As well as the relevance and robustness of the content, the report will be assessed in terms of its structure, presentation and referencing: Format and Filename: The report is to be submitted as a word document (NB: not a pdf). Students should use the following format for the file name [DGE_CA_2025S2_StudentNumber]. Cover page/template: On a cover page at the start of the report, the student must indicate their names, student numbers, programme and module title at the beginning of the assignment itself, along with the project title. Students should use any templates provided for cover pages including headings for a word count, plagiarism declaration, AI declaration and bibliography. Structure: The assignment should use an essay style. The report should be well-structured with clear headings and subheadings for each section and subheading. Sources and referencing: Use academic and professional or industry sources to support the analysis and recommendations. The submission should be fully referenced, identifying all sources of information used in a bibliography. Use Harvard referencing style for all citations and include a bibliography at the end of the report. Bibliographies must be presented in full detail, in alphabetical order, and should only contain works referenced in the text. Please refer to the library handouts and handbooks (e.g., 1st Cite Guide) for details on the Harvard referencing method 4. INDICATIVE MARKING SCHEME Assignments will be assessed and graded out of 100 using the marking scheme below. Criteria Marks Section 1 Data Governance and Management 35 Section 2 Privacy and Data Protection 35 Total for CA1 70 Marks will be awarded for the accuracy of content and the comprehensiveness of answer. Presentation of the content is important, and marks are allocated for overall clarity and accuracy of writing. Marks will not be awarded for material above the indicated word count.