Data Privacy – Attaining and Maintaining Compliance

Data privacy compliance has taken a prominent role in the security protocols across every industry; changing the way they think about privacy, who has the responsibility for protecting privacy, and the trends that are emerging because of those new attitudes. “The number of cyber attacks and data breaches in the past two years have pushed governments and States to force better practices in securing customer data and other sensitive information,” says Shawn Waldman, CEO of Secure Cyber Defense.

In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) went into effect to protect sensitive consumer and business data. In advance of GDPR going into effect, many companies around the world scrambled to get into compliance because they didn’t fully understand the regulation or they weren’t sure how to implement it within their operations. The cost of non-compliance is high, topping out at 20 million Euros or 4% of a company’s annual revenues.

Now businesses are dealing with the passage of the California Consumer Privacy Act (CCPA) which will go into effect on January 1, 2020 unless it is amended. The act allows consumers to question where, how and when their data is being used and offers anyone the option of opting out of the sale of their data or request the deletion of their data.

Adding more layers of regulations and requirements mean greater administrative complexity, requiring additional resources and expertise. At one point, the IAPP estimated that 75,000 data privacy professionals would be hired just as a result of GDPR.

Under both of these new regulations, organizations must ensure that personal data is gathered legally and remains protected from misuse or exploitation. This applies to controllers (who determine the purpose and means of processing of data) and processors (who process data on behalf of a controller). Processors are primarily obligated to maintain safeguards, but controllers will be forced to ensure that processors are in compliance with GDPR and the new CCPA.

While these new rules are great for consumers and businesses alike, there is now significantly more legal liability if a company is found responsible for a data breach. Thus, it is important to understand the requirements of these regulations and their impact on a company’s data usage and storage. Two key components of achieving compliance include: evaluating the risk and potential performance gaps in a company’s cyber security plan for itself and its third-party data companies, and developing a data breach/Incident Response Plan to quickly isolate, investigate and contain sensitive data.

We know these regulations and data security requirements can seem daunting. Oftentimes the hardest part of achieving compliance is just getting started. Secure Cyber Defense & Vestige Digital Investigations’ partnership brings companies a solid, proactive approach to securing your IT environment and helping your company navigate these new requirements. As a team, we ensure that when the inevitable happens, your company is positioned for success!