On Wednesday 14 October 2020, the Mauritius Institute of Directors (MIoD) and KPMG in Mauritius launched the Audit Committee Forum Position Paper 8, which provides guidelines to Audit Committees on data protection.
Being in an era of rapid technological change, it is necessary to ensure that privacy rights are properly protected as an increasing amount of personal data is being shared. Processing personal data poses security challenges, hence the need for regulations to protect individuals as well as organisations.
Audit Committees are responsible for the verification of an organisation's financials and oversight of the internal and external audit processes. Outside the financial services industry, where separate risk committees have become an established best practice, Audit Committees have also begun to take a new role. They are increasingly being asked to monitor new issues such as data privacy and digitalisation, exposing them to new compliance risks.
This paper has been prepared to assist Audit Committees to play their role effectively by providing background information on the concepts related to data protection while taking into account the relevant legislations and regulations, as well as providing guidance tailored to Audit Committees so that they are better informed on the subject.