Sunday, August 25, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Write For CCI
    • Advertise With Us
  • Articles
    • All Articles by Date
    • Jump to Topic
      • Compliance
      • Ethics
      • Risk
      • FCPA
      • Governance
      • Fraud
      • Audit
      • HR Compliance
      • Data Privacy
      • Financial Services
      • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Write For CCI
    • Advertise With Us
  • Articles
    • All Articles by Date
    • Jump to Topic
      • Compliance
      • Ethics
      • Risk
      • FCPA
      • Governance
      • Fraud
      • Audit
      • HR Compliance
      • Data Privacy
      • Financial Services
      • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
No Result
View All Result
Home Data Privacy

4 Questions to Help Prepare for the GDPR

by Kevin Gibson
October 20, 2017
in Data Privacy, Featured
cloud with timer against blue technology interface with binary code

Information Management vs. Information Governance

Do you know the difference between information governance and information management? Kevin Gibson of Hanzo outlines four questions to differentiate between the two concepts. The details below can also help to shape your organization’s policies related to GDPR compliance.

“Information management” and “information governance” are one and the same. Or are they? The answer is “no” — and it’s important to understand the difference between the two. This is especially so given the General Data Protection Regulation (GDPR), slated to take effect in the European Union (EU) on May 25, 2018. Reviewing the answers to the following four questions can help clarify the intricacies of information management and information governance, as well as help create information management and information governance policies that best support GDPR compliance.

#1: How are “information management” and “information governance” defined, and how do they differ?

Information management is the process of handling information throughout its lifecycle. This lifecycle includes the acquisition of data from various sources, its custodianship and its distribution, as well as its disposition through deletion or archiving based on information governance policies. Information that requires management ranges from very simple, structured data that can be easily stored and searched using basic algorithms (e.g., customer histories) to unstructured data (e.g., data shared via social media and collaboration platforms).

While information management centers on action, information governance is proactive. It encompasses the technologies, policies, processes and strategies used by organizations to minimize risk by adhering to industry and legal regulations while simultaneously meeting their business needs and objectives. Thus, information governance strategies cover control over information creation, valuation, use, storage and deletion.

#2: Why is information governance as critical a component of organizations’ business strategy as information management?

Information governance provides the structure and rules — in other words, the framework — necessary to effect information management. Without these elements, it would be impossible to mitigate risk. For example, organizations that run afoul of the GDPR can face stiff fines when a breach in any of their systems exposes personally identifiable information (PII) associated with any EU citizen — whether customer or employee. However, if an organization’s information governance policy calls for using technology designed to safeguard PII, the risk of a data breach is lessened. There is also the additional bonus of cost savings stemming from that reduced risk.

Trust is part of the equation as well. Stakeholders as a whole (customers and employees) have increasingly come to view PII as a valuable commodity, worthy of protection. They demand that organizations treat their PII as such, and organizations in turn want them to trust that this is the case. Earning and maintaining that trust all comes down to good information governance.

#3: How should information management processes be configured or changed to foster GDPR compliance?

The type and volume of PII data in organizations’ custodianship will vary based on the nature of their business. However, compliance with the GDPR necessitates having in place information management processes that facilitate remaining “on top” of the PII lifecycle, no matter how much data exists and into which PII subcategory it falls. For all organizations, at all times, this means knowing what data they have and precisely where that data can be found.

Complying with the GDPR is easier when information management processes are created or modified to include the process of pinpointing and “mapping out” the whereabouts of individual categories of data. This supports compliance by making it easy to figure out whether or not data that should not be exposed is safe behind the “fence” of an appropriate repository and to rectify the situation if needed.

Under the GDPR, organizations are also required, when asked or following a breach of their systems, to prove that they have made every reasonable effort to protect data that warrants protection. When mapping is part of organizations’ information management processes, furnishing such proof is easy.

#4: How should information governance practices be laid out, in general and to facilitate compliance with the GDPR?

In general, information governance practices should align with business goals and objectives. For example, organizations may, in an effort to strengthen engagement with their best customers, want to structure certain data repositories to make it easier to access data pertaining to “preferred” clientele. Exploring a few key issues will help here as well. These encompass, but are not necessarily limited to, the importance — or unimportance — of all individual pieces of data to running the business and how the data will be used on a regular basis.

Meanwhile, to support compliance with the GDPR, information governance policies should dictate how and where customer and employee PII is shared and by whom. Organizations would also do well to carefully craft policies that specify how they will fulfill requests made by “data subjects” (i.e., customers and employees) in keeping with rights extended to them under the GDPR. For instance, the GDPR gives data subjects the right to ask that their PII be removed from any company system, even if they themselves have shared it and/or the platform is no longer in active use.

Finally, solid information governance practices allow for built-in GDPR compliance facilitated by technology. Such technology includes solutions that detect the presence of PII in systems or on platforms where it should not reside and automatically extract it without impacting functionality or users.

Creating and maintaining comprehensive information management procedures and information governance policies alike has always been important for organizations of all sizes, but some haven’t fully embraced the process. With the GDPR less than one year away, moving forward on this front now — rather than later — is more important than ever.


Tags: data breachdata governanceGDPRinformation managementPII
Previous Post

9 Ways Auditors Deliver Tangible Value

 Next Post

DOJ’s Stand On Gender Identity Clouds Legal Issues

Kevin Gibson

Kevin Gibson is CEO & Chairman of Hanzo. Hanzo provides legally defensible collection, preservation and analysis of web and social media content for Global 2000 companies in the cloud, on premise or on demand.

Related Posts

woman in red suit waiting for an interview

Avoiding Common Pitfalls in the Compliance Job Search

August 23, 2019
light bulb with earth on blue background

ESG Reporting is Critical – How to Get Started

August 23, 2019
jenga tower with protruding block and cityscape in background

All Along the Watchtower: I Hear the Whistles Blow

August 22, 2019
illustration of uplifted hands holding gold stars

Antitrust Division Offers Credit for Strong Compliance Programs

August 22, 2019
Next Post
DOJ’s Stand On Gender Identity Clouds Legal Issues

DOJ’s Stand On Gender Identity Clouds Legal Issues

Scce workshop
Internal auditor compliance event
Volkov's book about DOJ featuring a road sign on the cover
Compliance Job Interview Q&A

RSS SEC Litigation News

  • Terry Wayne Kelly and Kelly Management, LLC August 22, 2019
    SEC Charges Mississippi Company and its Principal with Fraud in Timber Ponzi Scheme
  • Andrew J. Kandelapas August 20, 2019
    SEC Obtains Final Judgment Against CEO in Penny Stock Fraud Scheme
  • Crystal World Holdings, Inc., et al. August 19, 2019
    SEC Charges Issuer for Misleading Investors in the Sale of Unregistered Securities
No Result
View All Result

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Columns
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • Mr. Monitor
  • News
  • Opinion
  • Podcasts
  • Resource Library
  • Risk
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks

© 2019 Corporate Compliance Insights