Corporate Compliance Insights

Is Data Compliance Equal to Data Security?

Why a Layered Approach is Best

by Jonathan Deveaux
March 8, 2019
in Data Privacy, Featured

Comforte AG’s Jonathan Deveaux stresses that while compliance with the GDPR is a worthy goal, adhering to the regulation doesn’t necessarily mean your organization is safe. Consider both compliance and security a journey, not a destination.

The European General Data Protection Regulation (GDPR) came into effect on May 25, 2018, ushering in a new era of data compliance regulation across the world. GDPR-like regulations have emerged in Brazil, Australia, Japan and South Korea, as well as U.S. states such as New York and California.

The GDPR was introduced to protect EU individuals’ personal information, as collected by organizations, by regulating how that data can be collected and used. Even though it is European law, the scope of the legislation affects organizations around the world.

Despite a two-year phase-in period (May 24, 2016 to May 25, 2018), many organizations around the globe remain noncompliant. A GDPR pulse survey by PwC in November 2017 revealed only 28 percent of U.S. companies had begun preparing for GDPR, and only 10 percent responded saying they were compliant.

Just a few weeks before the May 25 deadline, a Cloud Security Alliance survey report on GDPR preparation and challenges revealed that 83 percent of companies did not feel prepared for GDPR. Moving into 2019, the $57 million fine for violations of the GDPR handed out to Google indicates that even the biggest corporations are struggling to adhere to GDPR compliance regulations.

To avoid potential fines and the cost of compliance, some non-EU companies have opted to withdraw from the EU market entirely. For example, every U.S.-based online newspaper managed by Tribune Publishing Company has been routing all EU IP addresses to pages that say something to the effect of “our website is currently unavailable in most European countries.” However, this is not a long-term solution, as more and more major economic hubs around the world introduce GDPR-like compliance regulations. As a result, many organizations are scrambling to improve their data security with the objective of becoming compliant and preventing cyber criminals from stealing precious customer data.

The GDPR has led to the question: “Does having adequate security also mean my organization is GDPR compliant?”

Data Compliance: A Security Solution?

Looking back on 2018, data breaches continued to be a regular occurrence, with several high-profile incidents – including Amazon, Facebook, Marriott Hotels and Google+ – stealing the headlines.

What’s most notable about these breaches: They highlight that adhering to data compliance regulations does not necessarily protect against bad actors breaching your systems and stealing data. Therefore, GDPR and other data compliance regulations shouldn’t be positioned as a sufficient cybersecurity strategy; instead, they should provide the impetus for proactive investment in data protection.

The GDPR provides a framework for comprehensive data security that includes standards for breach management, data protection, vendor management, data minimization and so on. As a result, the GDPR and other data compliance legislation provide organizations with a great foundation to start addressing cybersecurity risks.

The advanced and dynamic nature of cyber threats means that businesses need to adopt enterprise security architecture that can manage the objectives and risk challenges organizations face. Unfortunately, this means organizations cannot rely on purely being compliant with data protection regulation.

Compliance or Security – Which Should Take Priority?

Cybercriminals are constantly advancing and changing their attack methodologies. As a result, being compliant and secure is not a task with an end point. Instead, these are ongoing projects that require continued vigilance through maintaining and updating IT infrastructure. Data compliance regulations, such as the GDPR, are a great starting place for organizations wanting to address data protection. However, they are only an elementary step to addressing security.

With compliance regulations taking hold across the globe, compliance and security are increasingly becoming two sides of the same coin. Security and privacy need to be instrumental parts of organizations’ systems, and if organizations cannot determine whether compliance or security should take priority, they should work toward implementing a strategy that intertwines the two. This helps to reduce risk, particularly when it comes to unlawful access to critical data.

What is the Solution?

Organizations are increasingly adopting a layered approach to data security that involves investing in various solutions to defend against a range of threats. This has resulted in organizations wasting resources on unnecessary solutions – a problematic approach considering the often-limited security budgets many security teams have.

A data-centric security strategy is the solution to organizations’ compliance and security woes. This strategy protects the data throughout its life cycle, whether data is in motion, at rest or in use.

Tokenization is an essential aspect of this strategy. This process “de-toxifies” sensitive data by replacing it with a unique, randomly generated placeholder, anonymizing the information so that the placeholder cannot be linked back to the original value. This gives organizations the ability to use the data while still protecting its original characteristics, helping them to simultaneously meet compliance and security requirements.

In the event of a breach, organizations will not necessarily be penalized if they can demonstrate their security apparatus was up to par (e.g., if sensitive data was breached but had been protected with the appropriate measures, such as tokenization or encryption).
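As an added illustration of the tokenization described above and of why a breach of tokenized data exposes so little (example code written for this page, not code from the article or from comforte AG): a minimal vault-based tokenizer. The in-memory vault, the constructed card number and the keep-last-four rule are assumptions made for the example.

```python
import secrets
import string
from typing import Optional

# Constructed in-memory vault: token -> original value, plus the reverse map so
# one value always yields one token. In a real deployment the vault is a
# separately secured store; a breach of the tokenized dataset alone is useless
# without it.
_vault = {}
_reverse = {}


def tokenize(value: str, keep_last: int = 4) -> str:
    """Replace `value` with a random placeholder that keeps its length, its
    digit/letter/punctuation layout and its last `keep_last` characters, so
    systems that only need "card ending 1111" keep working on the token."""
    if value in _reverse:
        return _reverse[value]                      # consistent token per value
    split = len(value) - keep_last
    head, tail = value[:split], value[split:]
    while True:
        token = "".join(
            secrets.choice(string.digits) if ch.isdigit()
            else secrets.choice(string.ascii_letters) if ch.isalpha()
            else ch                                 # keep separators like '-'
            for ch in head
        ) + tail
        # Retry on the (rare) collision so every token is unique and never
        # accidentally equals the real value.
        if token not in _vault and token != value:
            break
    _vault[token] = value
    _reverse[value] = token
    return token


def detokenize(token: str) -> Optional[str]:
    """Only a caller with vault access can recover the original; unknown
    tokens (e.g. ones found in a leaked dataset) yield nothing."""
    return _vault.get(token)


def tokenize_record(record: dict, sensitive_fields) -> dict:
    """Tokenize only the sensitive fields of a record, leaving the rest usable."""
    return {k: tokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}
```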

The spread of GDPR-like compliance across the world and within the U.S. provides businesses with the perfect opportunity to review their security posture and implement effective strategies that will protect their business from nefarious actors, as well as fines for noncompliance with data privacy regulation. In today’s world, data compliance and security are essential for survival.

Jonathan Deveaux

Jonathan Deveaux is Head of Enterprise Data Protection at comforte AG. He has served the information technology community for more than 25 years. Jonathan started in banking and payments processing, gained experience in systems management supporting business critical strategies and now focuses his attention on data protection, data privacy and compliance.
