No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Turn GDPR Compliance into Lemonade

by Lacy Gruen
May 16, 2017
in Data Privacy, Featured
lemons and lemonade on picnic table

5 Key Investments to Make Now

The May 2018 deadline for GDPR compliance is really just around the corner. The EU’s behemoth of a data privacy regulation will affect all organizations doing business in the EU or collecting data on EU citizens. Many businesses remain woefully unprepared. Here we share insights into how five key investments can pay off in the long-run. 

“When life gives you lemons, make lemonade,” goes the popular saying, which inspires us to tackle life’s challenges in a positive way to help us grow and learn from hardships. For organizations struggling to meet the upcoming GDPR compliance deadline in May 2018, it may be difficult to view the massive data privacy compliance project as a positive, a piece of investment that can change the way an organization stores and handles user data for the better.

But how can an organization successfully turn GDPR “lemons” into lemonade? By using this time to solidify its overall compliance strategy, an organization can get a return on its GDPR compliance investment. Below is a quick summary of the payoff an organization can potentially see from implementing a comprehensive GDPR strategy:

  • Better data- and analytics-driven decision-making — Visibility around data and access to data can help with both GDPR compliance and other IT or business initiatives.
  • Long-term customer/brand loyalty — Customers want to know that the company they are buying from cares about protecting its users’ data.
  • Greater organizational agility — Having automation around data access in place allows an organization to be nimble to respond to business changes and needs.
  • Reduced cybersecurity risk — Security controls that are put in place for GDPR compliance can potentially help an organization protect against IT security threats such as ransomware.
  • Higher-value allocation of IT staff — Some automation tools are flexible enough to not only automate the enforcement of data policies, but automate many other IT tasks along the way.
  • Reduced overall compliance and audit costs — Organizations most likely have multiple regulations to comply with, so streamlining auditing will help with more than just GDPR compliance.
  • Avoidance of GDPR-related fines — GDPR has set up hefty penalties for those who are not in compliance with the regulation, and any smart organization should plan to avoid the maximum noncompliance fine of 4 percent of the firm’s annual turnover.

Studies show that organizations are allocating significant budgets for GDPR compliance. But what are the key areas that organizations should invest in to ensure that GDPR compliance pays off in the long-run?

#1: Good Data Governance

Disciplined and diligent data governance is a must for any GDPR compliance effort. An organization cannot effectively manage and protect customer data if it does not know where it is located. For GDPR compliance, businesses must make an active effort to locate all user data, discover exactly what it consists of and identify where the data originated. It also needs to define and enforce policies regarding how data is viewed, used, copied and accessed.

#2: Context-Based Mobile Workspace Controls

In the age of the digital workspace, employees take their digital identities everywhere with them, expecting to get their work done effectively regardless of the time of day or physical location. In fact, the majority of employers expect that employees work on-the-go from their smartphones, tablets, laptops and home desktops. This is an issue for organizations that continue to depend on static, perimeter-based technologies to control access to sensitive data resources.

The only way to ensure that customer data doesn’t travel anywhere it shouldn’t — and that all use of customer data is legitimate and traceable — is to manage data access in context. Context and associated policies determine what is and isn’t allowed. It also provides the usage data essential for GDPR audit reporting.

#3: Streamline Privilege Administration with Automation and Delegation

Many employees unnecessarily have more access than they need to company data, posing a serious risk to GDPR compliance — as well as to general cybersecurity. The solution to the problem of creeping privilege is to streamline administration of access rights. Automation also enables IT to put a “freshness date” on privileges so they don’t last indefinitely. Organizations can also fight privilege creeping by using delegation tools that empower LOB managers, HR admins and other non-IT stakeholders to perform access administration as appropriate. This adaptive, business-aligned approach to access control can significantly reduce total organizational privileging without impairing anyone’s ability to be productive.

#4: Anti-Ransomware Whitelisting

Ransomware attacks now impact about half of all businesses, and ransomware techniques continue to become more sophisticated. These attacks often take the form of social engineering techniques that circumvent cybersecurity perimeter defenses by tricking human users into clicking a malicious link or opening a malicious attachment.

Effective ransomware defense requires multiple countermeasures, including frequent data backups and aggressive user education. However, any organization seeking to fend off ransomware and similar cyberattacks must also implement some form of workspace whitelisting. Effective whitelisting is thus closely related to automated privilege administration (key investment #3) — with the added dimension of disallowing access to non-whitelisted resources.

#5: Push-Button Offboarding

Another related and essential capability for GDPR compliance is push-button offboarding. As noted above, employees can accumulate many privileges over time. So when they leave an organization, those privileges must be revoked immediately.

Revocation of a user’s privileges can tend to be slow, leaving organizations vulnerable to data leakage. This is a huge GDPR and data security no-no. Every organization needs an offboarding mechanism that triggers complete revocation of all privileges across all systems — on premise and in the cloud — without exception immediately upon a termination or transfer event in the company’s HR system.

Regulations change and new legislation continues to pops up, but if an organization takes the right data protection measures now, it will have the right tools in place to make life much easier in the future. Businesses that properly view GDPR compliance as one part of a broader effort to better govern data in the digital enterprise — traversing compliance, security and automation — will significantly outperform their more complacent competitors. And that performance will have a tangible, positive impact on the bottom line.


Tags: Data GovernanceGDPRRansomware
Previous Post

Creating a Coordinated Approach to Assurance

Next Post

Compliance Executives to Increase Investment in RegTech as Geopolitical Risks Heighten

Lacy Gruen

Lacy Gruen

Lacy Gruen is a Director at global digital workspace provider RES, where she works to develop go-to-market strategy and help customers find solutions that will solve the real IT challenges of today and the future.

Related Posts

banks information sharing_f

Sharing Is Caring? Lessons From Dutch Banks’ Data-Sharing Program

by Sukirt Singh
March 22, 2023

With federal investigations pending, the autopsy of Silicon Valley Bank and resulting cascade of bank failures is only just beginning....

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

gdpr

UK Resurrects Data Protection Reforms, EU Court Rules on GDPR in Civil Cases

by Jonathan Armstrong and André Bywater
March 15, 2023

Recent courtroom and legislative action in Europe will likely have ripple effects around the world for companies subject to regulations...

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

Next Post
Compliance Executives to Increase Investment in RegTech as Geopolitical Risks Heighten

Compliance Executives to Increase Investment in RegTech as Geopolitical Risks Heighten

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT