Corporate Compliance Insights

4 Questions to Help Prepare for the GDPR

by Kevin Gibson
October 20, 2017
in Data Privacy, Featured

Information Management vs. Information Governance

Do you know the difference between information governance and information management? Kevin Gibson of Hanzo outlines four questions to differentiate between the two concepts. The details below can also help to shape your organization’s policies related to GDPR compliance.

“Information management” and “information governance” are one and the same. Or are they? The answer is “no” — and it’s important to understand the difference between the two. This is especially so given the General Data Protection Regulation (GDPR), slated to take effect in the European Union (EU) on May 25, 2018. Reviewing the answers to the following four questions can help clarify the intricacies of information management and information governance, as well as help create information management and information governance policies that best support GDPR compliance.

#1: How are “information management” and “information governance” defined, and how do they differ?

Information management is the process of handling information throughout its lifecycle. This lifecycle includes the acquisition of data from various sources, its custodianship and its distribution, as well as its disposition through deletion or archiving based on information governance policies. Information that requires management ranges from very simple, structured data that can be easily stored and searched using basic algorithms (e.g., customer histories) to unstructured data (e.g., data shared via social media and collaboration platforms).

While information management centers on action, information governance is proactive. It encompasses the technologies, policies, processes and strategies used by organizations to minimize risk by adhering to industry and legal regulations while simultaneously meeting their business needs and objectives. Thus, information governance strategies cover control over information creation, valuation, use, storage and deletion.

#2: Why is information governance as critical a component of organizations’ business strategy as information management?

Information governance provides the structure and rules — in other words, the framework — necessary to effect information management. Without these elements, it would be impossible to mitigate risk. For example, organizations that run afoul of the GDPR can face stiff fines when a breach in any of their systems exposes personally identifiable information (PII) associated with any EU citizen — whether customer or employee. However, if an organization’s information governance policy calls for using technology designed to safeguard PII, the risk of a data breach is lessened. There is also the additional bonus of cost savings stemming from that reduced risk.

Trust is part of the equation as well. Stakeholders as a whole (customers and employees) have increasingly come to view PII as a valuable commodity, worthy of protection. They demand that organizations treat their PII as such, and organizations in turn want them to trust that this is the case. Earning and maintaining that trust all comes down to good information governance.

#3: How should information management processes be configured or changed to foster GDPR compliance?

The type and volume of PII data in organizations’ custodianship will vary based on the nature of their business. However, compliance with the GDPR necessitates having in place information management processes that facilitate remaining “on top” of the PII lifecycle, no matter how much data exists and into which PII subcategory it falls. For all organizations, at all times, this means knowing what data they have and precisely where that data can be found.

Complying with the GDPR is easier when information management processes are created or modified to include the process of pinpointing and “mapping out” the whereabouts of individual categories of data. This supports compliance by making it easy to figure out whether or not data that should not be exposed is safe behind the “fence” of an appropriate repository and to rectify the situation if needed.

Under the GDPR, organizations are also required, when asked or following a breach of their systems, to prove that they have made every reasonable effort to protect data that warrants protection. When mapping is part of organizations’ information management processes, furnishing such proof is easy.

#4: How should information governance practices be laid out, in general and to facilitate compliance with the GDPR?

In general, information governance practices should align with business goals and objectives. For example, organizations may, in an effort to strengthen engagement with their best customers, want to structure certain data repositories to make it easier to access data pertaining to “preferred” clientele. Exploring a few key issues will help here as well. These encompass, but are not necessarily limited to, the importance — or unimportance — of all individual pieces of data to running the business and how the data will be used on a regular basis.

Meanwhile, to support compliance with the GDPR, information governance policies should dictate how and where customer and employee PII is shared and by whom. Organizations would also do well to carefully craft policies that specify how they will fulfill requests made by “data subjects” (i.e., customers and employees) in keeping with rights extended to them under the GDPR. For instance, the GDPR gives data subjects the right to ask that their PII be removed from any company system, even if they themselves have shared it and/or the platform is no longer in active use.

Finally, solid information governance practices allow for built-in GDPR compliance facilitated by technology. Such technology includes solutions that detect the presence of PII in systems or on platforms where it should not reside and automatically extract it without impacting functionality or users.

Creating and maintaining comprehensive information management procedures and information governance policies alike has always been important for organizations of all sizes, but some haven’t fully embraced the process. With the GDPR less than one year away, moving forward on this front now — rather than later — is more important than ever.


Tags: data breach, data governance, GDPR, information management, PII
Kevin Gibson

Kevin Gibson is CEO & Chairman of Hanzo. Hanzo provides legally defensible collection, preservation and analysis of web and social media content for Global 2000 companies in the cloud, on premise or on demand.
