The regulatory landscape is constantly changing
Over the last year, authorities have gained a greater understanding of their role in holding businesses accountable for their use of personal data (i.e. information about people) and have demonstrated their commitment to enforcing legislation that protects individual rights. Encouragingly, we’re also seeing more data privacy professionals driving the business agenda. Authorities in the European Union (EU) and the US, in particular, have issued a number of fines against businesses that have failed to act transparently, fairly, and responsibly in their use of personal data.
2019 was a year of enforcement for IT compliance…but GRC is becoming more complex and challenging to navigate: global health emergencies like the Coronavirus outbreak do, and should, affect the way organizations manage security-related initiatives. Health and safety concerns over employees and the public override many compliance initiatives and should be taken into account when designing and implementing security controls, business continuity and disaster recovery plans.
Compliance and complacency don’t mix
Complacency can lead to serious consequences and put your business, employees, and customers at risk. Moving forward steadfastly and continuing to make the appropriate investments is critical.
New regulations are being implemented or are coming soon; to name a few:
- California Consumer Privacy Act
- Brazilian General Data Protection Law
- India’s Personal Data Protection Bill
- Singapore Personal Data Protection Act
- South Africa’s Protection of Personal Information Act
Steps to success
To ensure thorough IT governance and compliance programs, businesses should take note of the following guidelines:
- Gain an understanding of what data you currently have. Scrutinize what kind of information you have. Determine where you store it, know who has access to it, what you do with it, how you use it, with whom you share it, why you need it, and how you need to protect it.
- Employ the appropriate persons for the job. Appoint appropriately qualified and skilled data protection professionals, and engage trusted partners, as they will work with you to transform data protection legislation into business practices which support compliance.
- Implement strong data governance mechanisms. Ultimately, data protection is about managing the personal data you use in your business, and ensuring you have appropriate controls and oversight, as well as reporting compliance to validate the effectiveness of your controls. Ask yourself: ‘Do we apply rules relating to data classification and quality? Do we have master data records management? Are robust retention and records management policies and procedures in place?’