Sunday, March 7, 2021
Corporate Compliance Insights

3 Hidden Traps Associated with GDPR

by Chris Perram
September 22, 2017
in Data Privacy, Featured

Avoiding the Challenges to Ensure Compliance

Many companies aren’t ready for the looming GDPR deadline, and they face real hurdles in getting to “compliant.” FileFacets, an enterprise analytics and privacy compliance platform that makes it easy for businesses to locate, process, and move unstructured content, offers a solution to these challenges. Today we present a guide to confronting three key difficulties companies face on the path to compliance, courtesy of Chris Perram, FileFacets’ CEO.

No one likes to be forgotten. However, when it comes to personal data, most would happily have their names wiped from the books. And by May 2018, EU citizens will be eligible to do exactly this. Every company with customers in the EU must adhere to a client’s right to be forgotten – to get rid of their data, if they so choose.

The mandate is part of the EU’s General Data Protection Regulation (GDPR), which was created to put more pressure on companies to protect citizen data. It also ensures citizens maintain the right to know where their information is stored and the ability to reuse personal data for their own purposes across various domains.

What about the companies that fail to meet the requirements? They could effectively be put out of business. Those that are noncompliant can be fined 2 to 4 percent of their annual global revenue – or €20 million, whichever is higher.

The trouble is, many companies aren’t ready for what’s coming. Look to the marketing industry for example, where one-quarter of companies have yet to start preparations. Considering 48 percent of U.K. consumers plan to wield their new rights over personal data, there’s a growing sense of urgency for businesses to get this right.

It’s a legal and compliance challenge most companies have never seen. Here are three difficulties companies might face, and how to overcome them:

#1: Your company’s doing a terrible job at tracking its own data (and you probably don’t know it)

Companies do a shocking job of organizing their own data, and your company could be one of them. According to a 2016 Global Databerg Report, 52 percent of all data stored by organizations globally is “dark” data, meaning its value is unknown. Additionally, 33 percent of data is considered “redundant.”

This means that if a client wants access to their information or demands it be erased, more than half of companies might not know where to look for it. Consider that €20 million fine, and it’s a pretty terrifying thought.

Personal data is found in nearly every piece of IT. With many companies engaging in a data-hoarding culture, it’s more important than ever to organize their systems and align with GDPR requirements. While it all seems a bit daunting, there are a few online analysis tools on the market to show how many of your files are redundant, or trivial – including TAMR, Nymity and our own product, FileFacets.

#2: Managing the right to be forgotten

Many companies assume that the right to be forgotten involves simply eliminating all of a customer’s data from records. However, it’s not so black and white, and it’s certainly not as easy as hitting the delete key. The GDPR is more selective, and many consumers will likely want specific parts of their personal data to be forgotten, while enabling other data to be freely and actively shared. One area they may want to be excluded from, for example, is having their data collected in automated decision-making.

Article 22 of the regulation states that individuals “shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”

So, say your company uses marketing automation platforms like Pardot or Marketo, which leverage AI to put customers in a campaign based on their activities or responses. Under GDPR, customers have the right to opt out of these processes.

For companies, there are ways around this. Firstly, take stock of the AI-powered programs you are using to see whether you can change someone’s condition in the platform so they aren’t included in these automated lists. Secondly, structure your AI platform in a way to track the reasoning of the decision. If you can prove someone’s entry point, what they agreed to and when they agreed to it, you can demonstrate you’re not overstepping the agreement the user entered into.

#3: Security breaches can now become company-killing

In May 2017, India’s largest restaurant and food delivery app Zomato was hacked. Seventeen million customers had their email addresses and passwords stolen, which, for a while, were up for sale on the dark web. It was all because one developer had his login credentials compromised.

And while Zomato’s reputation may have been a bit tarnished, the company did still continue to scale – in fact, it announced in August that it had reached 3 million monthly orders for the first time ever.

But imagine this had happened in May 2018, when the GDPR is set to go into effect. Assuming Zomato had European customers, the app would have been fined millions of Euros for the big slip-up. That’s enough to make many companies go under.

For organizations to comply with the GDPR, it’s imperative to enforce strict access controls and carefully track access to data. A company can start by consolidating all privileged accounts and putting them in a centralized vault – one example of a solution is Zoho, which keeps company passwords secure in one place. The Zomato breach began when the hacker got access to one developer’s GitHub account; if his or her unique password was locked away in a vault, one could argue the story would have turned out differently.

The new GDPR is causing plenty of CEOs or founders to shift uncomfortably in their seats. However, if you act fast, it’s not too late to get your data and security organized. These are just a few ideas, but getting started on them will get your company on the right path – and open it up to more processes and ideas to make all your systems secure.


Chris Perram

Chris Perram is CEO of FileFacets. In 2000, Chris Perram capitalized on his 15 years of Information Governance expertise by launching his own consultancy, turning it into an internationally recognized centre of excellence for functional classification and metadata modeling. For over a decade, Mr. Perram provided world class IG solutions to the largest companies and governments in the world before pivoting the company to FileFacets in 2015. Chris has created an award-winning SaaS-based privacy compliance and enterprise discovery solution that is adopted around the world.

© 2019 Corporate Compliance Insights
