Risky Business: How Organizations Can Navigate Privacy and Compliance in a GDPR World

In this special guest feature, Cory Cowgill, Fusion Risk Management Chief Technology Officer, discusses how enterprise companies should no longer see business continuity and risk management as two separate entities, but marry both practices together. This method helps create a holistic view and enterprise companies get the best of both worlds. It ensures they understand, and are prepared for, the possibilities of various disruptions. Cory is responsible for research and development, customer engagement, operations and security, and go-to market initiatives. He has experience in enterprise software development and compliance spanning multiple industries. Cory is in the Salesforce MVP Hall of Fame.

If you are part of nearly any enterprise organization, then May 25, 2018, is likely burned into your memory. That was the date when a new landmark privacy law, the General Data Protection Regulation (GDPR), took effect in the European Union (EU).

GDPR consolidated all privacy laws in the EU into one, consistent regulation that expanded the privacy rights granted to individuals in the EU. It also placed many new obligations on organizations that market to, track, or handle personal data of individuals residing in the EU, no matter where the organization is located – meaning that even if you are a U.S.-based company and you are working with the personal data of individuals in the EU, GDPR regulations hold your business responsible.

One survey, conducted by law firm McDermott Will & Emery and the Ponemon Institute during the weeks leading up to GDPR going into effect, found that 40 percent of respondents said their companies would not be compliant until after the deadline, while 52 percent of respondents said their organizations would be ready by that date. The remaining eight percent said they weren’t sure when their organization would be compliant. These stats show just how far behind many companies continue to be in a GDPR-enforced world.

While companies have certainly struggled to become fully GDPR compliant during the first months of the law’s existence, it is also clear that consumers believe strongly in the need for the protection the law provides. In fact, you can expect to see laws similar to GDPR being introduced in other places throughout the world. For example, a Janrain survey found that 69 percent of American consumers would like to see privacy laws like GDPR enacted in the U.S. When asked which of the GDPR provisions they’d most like to see enacted, 38 percent responded with the ability to control how their data is used, while 39 percent favored the “right to be forgotten” rule, which allows individuals to make a written request to have their data deleted by companies that are storing it.

This desire among consumers to control their data actually makes GDPR an opportunity for organizations. While there have been a multitude of reports and articles expressing the downside of GDPR (massive fines and penalties, negative media coverage, etc.), it should be embraced rather than feared. It is a matter of adapting to this new reality, and recognizing that data can be both an asset and a liability. In its Top 6 Security and Risk Management Trends for 2018, Gartner notes that, “digital business plans must weigh both (the asset and the liability) and seek innovative solutions to lower costs and potential liabilities.”

GDPR requires that companies have a more comprehensive understanding of where and how their customers’ data is stored, what it consists of, and what it’s being used for. Most importantly, they need to verify that it is secure. Risk management plays a key role in these efforts by creating a comprehensive platform containing all of an organization’s data privacy and management protocols to ensure GDPR requirements are monitored via a unified display known as a “single pane of glass.” This ensures that organizations meet the privacy requirements of GDPR on an ongoing and proactive basis.

When companies implement a secure risk management solution, it provides the necessary visibility to ensure all GDPR requirements are met for the proper storage of, and access to, company data. Using the right solution ultimately allows for agility and long-term compliance – it makes it much easier to meet current GDPR requirements, while also creating the ability to pivot when the law is revised, or even when new laws similar to GDPR are passed in the U.S. or other countries. GDPR is not a one-time commitment; it requires ongoing vigilance.

To address this risk, the bottom line is that companies need a solution to manage all of their data, and assign that management to various departments and individuals while maintaining visibility across an organization. The proper risk management solution serves as an internal tracking repository for the storage and processing of all personal data.

When an organization can assure customers and prospects that there are safeguards in place to monitor how their data is handled and stored, it enhances that company’s reputation, as well as its ability to continue to keep pace with constantly evolving regulations.
