Corporate Compliance Insights

3 Hidden Traps Associated with GDPR

by Chris Perram
September 22, 2017
in Data Privacy, Featured

Avoiding the Challenges to Ensure Compliance

Many companies aren’t ready for the looming GDPR deadline, and they face real hurdles in getting to “compliant.” FileFacets, an enterprise analytics and privacy compliance platform that makes it easy for businesses to locate, process, and move unstructured content, offers a solution to these challenges. Today we present a guide to confronting three key difficulties companies face on the path to compliance, courtesy of Chris Perram, FileFacets’ CEO.

No one likes to be forgotten. However, when it comes to personal data, most would happily have their names wiped from the books. And by May 2018, EU citizens will be eligible to do exactly this. Every company with customers in the EU must adhere to a client’s right to be forgotten – to get rid of their data, if they so choose.

The mandate is part of the EU’s General Data Protection Regulation (GDPR), which was created to put more pressure on companies to protect citizen data. It also ensures citizens maintain the right to know where their information is stored and the ability to reuse personal data for their own purposes across various domains.

What about the companies that fail to meet the requirements? They could effectively be put out of business. Those that are noncompliant can be fined 2 to 4 percent of their annual global revenue – or €20 million, depending on which is the higher value.

The trouble is, many companies aren’t ready for what’s coming. Look to the marketing industry, for example, where one-quarter of companies have yet to start preparations. Considering 48 percent of U.K. consumers plan to wield their new rights over personal data, there’s a growing sense of urgency for businesses to get this right.

It’s a legal and compliance challenge most companies have never seen. Here are three difficulties companies might face, and how to overcome them:

#1: Your company’s doing a terrible job at tracking its own data (and you probably don’t know it)

Companies do a shocking job of organizing their own data, and your company could be one of them. According to a 2016 Global Databerg Report, 52 percent of all data stored by organizations globally is “dark” data, meaning its value is unknown. Additionally, 33 percent of data is considered “redundant.”

This means that if a client wants access to their information or demands it be erased, more than half of companies might not know where to look for it. Consider that €20 million fine, and it’s a pretty terrifying thought.

Personal data is found in nearly every piece of IT. With many companies engaging in a data-hoarding culture, it’s more important than ever to organize their systems and align with GDPR requirements. While it all seems a bit daunting, there are a few online analysis tools on the market to show how many of your files are redundant, or trivial – including TAMR, Nymity and our own product, FileFacets.

#2: Managing the right to be forgotten

Many companies assume that the right to be forgotten involves simply eliminating all of a customer’s data from records. However, it’s not so black and white, and it’s certainly not as easy as hitting the delete key. The GDPR is more selective, and many consumers will likely want specific parts of their personal data to be forgotten, while enabling other data to be freely and actively shared. One area they may want to be excluded from, for example, is having their data collected in automated decision-making.

Article 22 of the regulation states that individuals “shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”

So, say your company uses marketing automation platforms like Pardot or Marketo, which leverage AI to put customers in a campaign based on their activities or responses. Under GDPR, customers have the right to opt out of these processes.

For companies, there are ways around this. Firstly, take stock of the AI-powered programs you are using to see whether you can change someone’s condition in the platform so they aren’t included in these automated lists. Secondly, structure your AI platform in a way to track the reasoning of the decision. If you can prove someone’s entry point, what they agreed to and when they agreed to it, you can demonstrate you’re not overstepping the agreement the user entered into.

#3: Security breaches can now become company-killing

In May 2017, India’s largest restaurant and food delivery app, Zomato, was hacked. Seventeen million customers had their email addresses and passwords stolen, which, for a while, were up for sale on the dark web. It was all because one developer had his login credentials compromised.

And while Zomato’s reputation may have been a bit tarnished, the company did still continue to scale – in fact, it announced in August that it had reached 3 million monthly orders for the first time ever.

But imagine this had happened in May 2018, when the GDPR is set to go into effect. Assuming Zomato had European customers, the app would have been fined millions of Euros for the big slip-up. That’s enough to make many companies go under.

For organizations to comply with the GDPR, it’s imperative to enforce strict access controls and carefully track access to data. A company can start by consolidating all privileged accounts and putting them in a centralized vault – one example of a solution is Zoho, which keeps company passwords secure in one place. The Zomato breach began when the hacker got access to one developer’s GitHub account; if his or her unique password was locked away in a vault, one could argue the story would have turned out differently.

The new GDPR is causing plenty of CEOs or founders to shift uncomfortably in their seats. However, if you act fast, it’s not too late to get your data and security organized. These are just a few ideas, but getting started on them will get your company on the right path – and open it up to more processes and ideas to make all your systems secure.


Chris Perram

Chris Perram is CEO of FileFacets. In 2000, Chris Perram capitalized on his 15 years of Information Governance expertise by launching his own consultancy, turning it into an internationally recognized centre of excellence for functional classification and metadata modeling. For over a decade, Mr. Perram provided world class IG solutions to the largest companies and governments in the world before pivoting the company to FileFacets in 2015. Chris has created an award-winning SaaS-based privacy compliance and enterprise discovery solution that is adopted around the world.
