3 data privacy recommendations for security and risk management leaders from Exterro
New privacy regulations are creating radical shifts in societal expectations regarding data security. What started with the General Data Protection Regulation (GDPR) in the UK has continued with the California Consumer Privacy Act (CCPA) in the US, and these changes require a variety of an organization’s division managers to come together to confront challenges that affect almost every aspect of daily business. But with new privacy regulations developing at a rapid pace, many organizations and their internal IT, Security, Legal, and Sales departments have been left confused and “unable to adapt their privacy management program at a suitable pace,” according to a Gartner report on The State of Privacy and Personal Data Protection, 2019-2020.
This report recommends major strategies for security and risk management leaders, breaks down the development of privacy laws by continent, and showcases technology capabilities that support the increasing volume, variety, and velocity of personal information. Explored within the same framework, this information represents how organizations should look at implementing technology-enabled privacy programs across enterprises.
The State of Data Privacy Heading Into 2020
The report suggests three overarching needs for security and risk management leaders to consider at their businesses to help maintain compliance with current data privacy laws.
- Incorporate the demands of a “rapidly-evolving privacy landscape” into organization data strategies by reviewing the regional data privacy guidelines that affect them. Gartner provides some of these guidelines in this report.
- Adopt technology that can help businesses support the increasing volume, variety, and velocity of personal information. Gartner suggests utilizing a “three-stage technology-enabled privacy adoption program.”
- Address any outstanding compliance needs, and continue to deliver value to your customers while acting as good stewards of personal data, by taking a “practical approach” to both the letter and the spirit of the law.
Organizations that handle personal information well are rewarded through increased user loyalty on a B2C level, and greater vendor credibility on a B2B level. So even independent of regulatory requirements and potential fines, it’s good business to handle personal data well.