Let’s do a little thought experiment. Imagine that your organization is one of a herd of gazelles lounging on an African plain. It’s a beautiful day and everything is going smoothly. The watering hole is full and there’s plenty of grass to graze on. All is good with the world. Except there is a lion stalking your group, looking for the weakest and least prepared member and singling them out for closer inspection. In this situation, the best-prepared individuals will be able to escape while the less-fortunate will have to fend for themselves.
Now imagine your enterprise among a vast collection of other diverse companies. Change the looming danger from a hungry predator to a sudden and potentially crippling lawsuit brought about by a data breach that has broken some new privacy regulations you were not even aware existed. Your organization has been blindsided by the new privacy laws which have leaped out of the ether to grab it by the corporate throat. How nimble and prepared is your company? So, are you scared yet?
New Privacy Regulations Are on the Way
Data privacy has increased in importance in the last several years to rise to the level of being considered an essential human right in some areas of the world. This has spawned new and more stringent data privacy laws that address the concerns of citizens in the 21st Century. The enforcement of these regulations has also ramped up and the financial liabilities imposed on delinquent organizations can cause long-term harm.
The European Union’s General Data Protection Regulation (GDPR) is one of the most well-known of the recently enacted privacy laws. It is meant to protect the population of the European Union (EU) by giving them control over how their private data is used. Its effects do not stop at the borders of the countries that make up the EU. Companies that do business with EU citizens are required to comply with the regulation when handling their data. Google was fined $57 million for not adequately notifying consumers how their data would be used by the online giant.
The State of California is leading the way in bringing GDPR-like regulations to the United States. The California Consumer Protection Act (CCPA) addresses the same concerns as the GDPR over how personal data is collected, stored, and used by a business. Set to take effect on January 1, 2020, the law will enable consumers to demand to know what personal data a company has and have it deleted if that is their wish. The CCPA ushers in a new wave of consumer data protection that forces many organizations to change the way they do business.
These are just two examples of the regulations that companies must comply with to keep their customers’ data safe and avoid financial penalties. Additional complexity arises when different laws impact the same stores of data.
Preparation is the Key
Certain characteristics surrounding how an organization handles data are critical in its ability to address the challenges of remaining compliant with new privacy regulations. They are common to all privacy regulations and adhering to them will provide the required preparedness for navigating the regulatory landscape.
- Data accountability is critically important and needs to be made part of the overall corporate philosophy. The organizational repercussions of a data breach need to be considered as does insurance for protection in the event of a worst-case scenario.
- New privacy regulations may demand user consent related to how, when and why personal information is being collected and stored. User consent needs to be obtained and documented to provide compliance evidence.
- Some of the emerging privacy laws dictate where data is physically stored and may entail an overhaul of data export procedures in the cloud and on-premises.
The bottom line is that greater transparency and control over their data is being granted to individuals. This is a good thing for society, but can potentially be a bad thing for companies caught off-guard. Make sure you understand all of the regulations for the locales in which your business operates and comply with them to remain successful.
Start with a Strong Foundation
Implementing a data governance program is a step that all organizations should consider if they deal with sensitive, personal data. Data governance helps an enterprise understand what its data assets are and how they are being accessed and used. It can eliminate the risk of departmental misunderstandings that could lead to accidental misuse of personal information. Data governance puts the whole organization on the same page as far as its data is concerned.
IDERA’s ER/Studio Enterprise Team Edition offers a collaborative platform that helps build the shared language that forms the foundation of a data governance initiative. It helps identify your existing data assets and effectively communicate data models and metadata across the organization. ER/Studio will help your enterprise prepare for and successfully deal with the complexities of remaining compliant in an era of increased data privacy laws.
Failure to review your policies and make the necessary revisions can leave your company feeling like the last gazelle to catch the scent of the lion. I bet that’s not where you really want to be, is it?