
Risky Business in a GDPR World

by Cory Cowgill
November 2, 2018
in Data Privacy, Featured

Navigating Privacy and Compliance

As the recent data breach by Facebook has made clear, meeting strict GDPR guidelines is difficult. Cory Cowgill, CTO at Fusion Risk Management, discusses GDPR requirements and their impact on data retention and security.

If you are part of nearly any enterprise organization, then May 25, 2018 is likely burned into your memory forever. That was the date when a new landmark privacy law, the General Data Protection Regulation (GDPR), took effect in the European Union (EU). Many articles were written leading up to the law taking effect, and many have been written since. Nowadays, most articles have headlines like, “Taking Ownership in a Post-GDPR Age,” and, “Solving the Remaining Challenges of GDPR.”

Quite clearly, GDPR remains top of mind for business leaders all over the world – and meeting the strict guidelines for compliance remains a struggle.

GDPR consolidated all privacy laws in the EU into one consistent regulation. It expanded the privacy rights granted to individuals in every EU country and placed many new obligations on organizations that market to, track or handle personal data of individuals residing in the EU, no matter where the organization is located. The last bit is key: even if you are a U.S.-based company, if you are storing or have access to the personal data of individuals who live in the EU, GDPR regulations hold your business responsible.

The Post-GDPR Landscape

The sheer breadth of GDPR’s reach has made it extremely difficult for even the largest companies in the world to become compliant, and lawsuits totaling billions of dollars have been filed due to GDPR breaches. This is not a surprise to the many who tracked how companies were preparing for the regulation.

One survey, conducted by law firm McDermott Will & Emery and the Ponemon Institute during the weeks leading up to GDPR going into effect, found that 40 percent of respondents said their companies would not be compliant until after the deadline, while 52 percent of respondents said their organizations would be ready by that date. The remaining 8 percent said they weren’t sure when their organization would be compliant.

These figures show just how far behind many companies remain now that GDPR is being enforced. On September 12, during the Confederation of British Industry’s Cyber Security Conference, the U.K. Information Commissioner’s Office (ICO) Deputy Commissioner James Dipple-Johnstone revealed that his office currently receives 500 calls per week related to data breaches. While he added that about one-third of those calls are generally unwarranted, that still leaves well over 300 legitimate complaints each week.

While companies have certainly struggled to become fully compliant with the GDPR during the first months of the law’s existence, it is also clear that consumers and customers believe strongly in the need for the privacy and protection it provides. In fact, you can expect to see laws similar to GDPR being introduced in other places throughout the world. For example, a Janrain survey found that 69 percent of American consumers would like to see privacy laws like GDPR enacted in the U.S. When asked which of the GDPR provisions they’d most like to see enacted, 38 percent responded with the ability to control how their data is used while 39 percent favored the “right to be forgotten” rule, which allows individuals to make a written request to have their data deleted by companies that are storing it.

This desire among consumers to control their data and how it is used actually makes GDPR an opportunity for organizations. While there have been a multitude of reports and articles expressing the downside of GDPR (massive fines and penalties, negative media coverage, the damage to a company’s reputation, etc.), the regulation should be embraced rather than feared. It is a matter of adapting to this new reality and recognizing that data can be both an asset and a liability. In its Top 6 Security and Risk Management Trends for 2018, Gartner notes, “digital business plans must weigh both [the asset and the liability] and seek innovative solutions to lower costs and potential liabilities.”

“Leading organizations are focused on how a compliance program can act as a business enabler,” explained Gartner Research Vice President Peter Firstbrook. “The message SRM (Security and Risk Management) leaders must communicate to CEOs is that data protection has both costs and risk but can also be used as a business differentiator.”

As GDPR is such a new element of the business world, a good deal of attention will be paid to it over the next year – particularly when it comes to how the regulations are interpreted. The language is very broad, and business leaders will look at what courts rule when GDPR-related cases are brought. Facebook, for instance, was famously sued as soon as the law went into effect. That demonstrates that regulators are taking the opportunity to set the regulatory bar and establish new case law that will be used as precedent moving forward. By this time next year, organizations will have a much fuller understanding of what is expected of them, and they will have implemented more robust data protection plans.

Managing the Risk

GDPR requires that companies have a more comprehensive understanding of where and how their customers’ data is stored, what it consists of and what it’s being used for. Most importantly, they need to verify that it is secure. Risk management plays a key role in these efforts by creating a comprehensive platform containing all of an organization’s data privacy and management protocols to ensure GDPR requirements are monitored via a unified display known as a “single pane of glass.” This ensures that organizations meet the privacy requirements of GDPR on an ongoing basis, as the regulations oblige an ongoing commitment to individuals’ privacy.

When companies implement a secure risk management solution, it provides the necessary visibility to ensure all GDPR requirements are met for the proper storage of and access to company data. Risk management also plays a key role in ensuring organizations have the correct security controls in place by providing the tools to create and implement a data privacy impact statement. Using the right solution ultimately allows for agility and long-term compliance – it makes it much easier to meet current GDPR requirements, while also creating the ability to pivot when the law is updated or revised (or when new laws similar to GDPR are passed in the U.S. or other countries). GDPR is not a one-time commitment; it requires ongoing vigilance.

Looking Ahead

GDPR is only the first wave in a new world where privacy legislation and the commitments required of enterprises will continue to evolve. For example, in the United States, the California Consumer Privacy Act of 2018, passed in June 2018, takes many of the protections in GDPR and applies them in the state of California. Other states and countries will soon follow with their own privacy regulations. To address this risk, the bottom line is that companies need a solution to manage all of their data and to assign that management to various departments and individuals while maintaining visibility across the organization. The proper risk management solution serves as an internal tracking repository for the storage and processing of all personal data.

Of course, most organizations do not exist on an island – they have multiple third-party partners such as vendors, suppliers and contractors who must be included in all privacy protocols. A solid third-party management tool allows for a way to mitigate threats to data and incorporate partners into broader risk management strategies. Beyond that, data is often compromised – either purposely or inadvertently – by an enterprise’s employees. They might click on a link containing malware or even maliciously steal confidential information. A good risk management solution will offer a portal that engages everyone in the organization and makes them accountable for knowing all security protocols.

With GDPR now a reality, more privacy legislation on the horizon and companies continuing to learn exactly how to meet all the requirements that come with it, a risk management solution makes it much easier to organize and manage the processes needed to stay compliant. When an enterprise can assure customers and prospects that there are safeguards in place to monitor how their data is handled and stored, it enhances that company’s reputation, as well as its ability to keep pace with constantly evolving regulations.


Tags: GDPR, Third Party Risk Management

Cory Cowgill

Cory Cowgill is Chief Technology Officer at Fusion Risk Management, where he is responsible for research and development, customer engagement, operations and security and go-to market initiatives. He has experience in enterprise software development and compliance spanning multiple industries. Cory is in the Salesforce MVP Hall of Fame.
