As your company seeks new ways to make sense of vast data sets for precious business insights, it is becoming harder for Information Security and Privacy professionals to protect the data. At the same time, your customers have become concerned about how your organisation will collect, store and use Personally Identifiable Information (PII). Vendors are not making things any easier: they continually introduce new services and features, making it impossible to track and assess the impact on PII, or on Data Protection for that matter. On the other hand, many of those vendors have promised to prevent data theft and breaches but have managed only to create more problems and confusion. This paper aims to help you navigate the Legal & Regulatory waters and point the way to how Blockchain can help you design effective Data Protection and Privacy-enhancing controls for your organisation.
Neglect and ignorance are unacceptable when it comes to the protection of confidential personal data. Ignorance can cost you dearly, not just through a fine from the regulators but because the customer can take his business to your competitor. Your organisation is no longer just a custodian of customer personal data - personal data, and the insights based on it, form one of the key assets for your organisation's competitive advantage.
Be diligent and get ready for the changes ahead. Navigating and protecting Yottabytes of dispersed, unstructured data is an increasingly difficult and daunting responsibility, and you will need privacy-enabled technologies to help you along the way.
The recent European Court of Justice ruling on the inadequacies of the Safe Harbor privacy principles reinforces the need for privacy-enhancing technologies combined with business and process transformation efforts to embrace technology and achieve compliance.
Consumer/customer data forms a key ingredient of your company's success. You must know your data in order to protect it. If you don’t have a holistic Data Protection and Privacy plan, act now and make sure you create Data Protection policies and oversight that matter to your organisation, in sync with laws and regulations. After three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the final draft of the EU General Data Protection Regulation (GDPR). The new regulation will significantly affect businesses in all industry sectors - be ready for the changes ahead.
"When you hear arguments about privacy, they tend to come from older people." Referring to how his daughters use the Internet, he continued, "When I talk to them about online privacy, they don't know what I'm talking about."
NON-COMPLIANCE IS NOT AN OPTION
Don’t blame the regulators; they are just trying to bring order. However, at the same time businesses are being pushed off the cliff and left to figure out how to land in the water. With the cliff getting higher and the water getting deeper, the major EU privacy reform is expected to take effect in mid-2018, and your organisation will have two years to implement controls and new rules.
Depending on the nature of your business, typically you’ll be faced with the following two broad groups of Data Protection regulations:
The cross-industry regulations are broadly vague when it comes to the specifics of Data Protection controls, and the fact that they mandate “appropriate technical and organisational measures” won’t help you establish whether you have the necessary controls in place to comply.
The recent ruling of the European Court of Justice that the EU-US Safe Harbor agreement is effectively invalid puts another layer of pressure on organisations to understand the implications and comply. The tough stance of the EU court has only confirmed what EU information security and privacy experts have been advising for ages:
When the new regulations take effect, your organisation will have to abide by the following rules, without exception:
Privacy and Data Protection require contribution from everyone
Privacy and Data Protection is not exclusively a problem for Privacy and Information Security professionals; it is everyone’s. It is time to paint a picture of the “data universe” by asking simple questions (not an extensive list) across all your business functions:
Reassess Privacy and Data Protection processes, controls and oversight
Re-evaluate your Data Protection and Privacy strategy to support business goals. This requires an assessment of the Privacy and Data Protection laws and regulations from around the world that will affect the definition of your enterprise security policies. On the general threat landscape front, review and address insider threat, intrusion, and data exfiltration scenarios. You must avoid building policies without a clear understanding of feasibility, context and purpose within the business. Ask yourself: what products and services can help us automate Data Protection controls?
Establish new relationships and inspire people to champion Data Protection
To achieve wider company success, introduce a culture of Privacy and Data Protection. Information Management, Security and Privacy functions are traditionally linked to Governance, Risk, Compliance and Legal Counsel, and it usually ends there. Keep existing relationships but expand further, and make others such as Digital Marketing and Innovation teams your closest allies to stay ahead of the curve.
Blockchain assures the Authenticity and Integrity of Data, the same Data that is at the heart of the Digital Economy. It offers capabilities to keep you one step ahead of the ever-changing threat landscape and Data Protection Laws and Regulations. Blockchain enables the Digital Economy by removing uncertainty and assuring data authenticity at the atomic level for all your company's Intellectual Property assets, whether it’s a recipe, an algorithm, code or a design.
You wouldn't drink water from a contaminated well, would you? If Data were water, Blockchain would be able to provide you with an indefinite supply of clean, purified and certifiably safe water to drink.