Preparing for Global Data Privacy Reform

Multinational businesses who aren’t up to speed on the regulatory requirements of the European Union’s General Data Protection Regulation (GDPR) are in for a rude awakening when 2018 rolls around.

It’s not enough for businesses to simply adopt cloud migration the way consumers do.

Companies face an extra set of rules when dealing with the lifecycle of sensitive data. Business leaders believe the GDPR will put U.S. companies at a disadvantage, and 50% of companies believe they are going to be fined for failing to comply with GDPR, due to its complexity.

In the interest of individuals, companies will need to offer easier access to their own data, the right to data portability through transferring personal data between Service Providers and the right to be notified of a data breach involving the individual’s personal information.

Is your vendor asking, ‘please come audit us?’

To help prepare for 2018, companies need to reevaluate cloud strategies and data governance in addition to developing a privacy impact assessment when considering a new vendor or creating a new product. It’s important for companies to view and treat their vendors as an extension of their own organization as they continue to move data into the cloud.

Performing both an online and in-person evaluation can also help determine whether the current privacy control settings and policies meet expectations. Scrutinizing vendor readiness will play a major role in compliance as companies will be at fault for their inability to comply.

Some questions to consider are:

• Why did I choose this vendor?
• What risk will this bring me?
• Do they have proper policies and governance structures in place?
• Are their employees being trained on data privacy?

Vendors should be ready to roll out the welcome mat to customers or prospects at any time and have an open-door policy. They should also be able to provide proof that they can pass regulatory audits.

The importance of a CPO in the C-Suite

The rewards of hiring a Chief Privacy Officer (CPO) are endless when it comes to data privacy regulations and compliance. Not only will they keep IT departments in line and up to speed with global data privacy mandates, but they will also be on top of sharing which questions businesses should be asking cloud vendors. Appointing an expert in data privacy will save your company from non-compliance fines in all of the regions where you do business.

Although the rate at which data is revolutionizing companies defies the speed of light, it also poses more privacy risks extending beyond the IT team’s scope of work and knowledge. That’s where a CPO comes into play. As the data privacy landscape drastically changes, so will the organization’s team.

Companies will need dedicated resources to not only keep up, but help meet ongoing regulations, such as GDPR. In fact, part of the GDPR regulations require certain companies conducting business in Europe to have a CPO, so getting a jump start on hiring for this professional is better than playing catch up.

It’s always a good idea to have a successful security strategy in place in the event of a data breach, but whose job is it to implement, execute, and ensure customer data stays safe and secure? CPOs can work closely with IT to help drive strategies and tactics to keep personally identifiable information (PII) protected, in addition to keeping the rest of the C-suite up to speed.

Are you ready?

It’s critical for companies to understand the consequences and roadmap before regulations go into effect as remediation could cost more than just time, as the fines for data breaches are set to be around 4% of global revenue.

Rather than putting aside budget to pay the expected fines for noncompliance, businesses should invest in preparing their people, processes and systems to meet the regulatory guidelines the same way security vendors need to keep customers compliant.

By Daren Glenister