The pending General Data Protection Regulation (GDPR) is set to have a dramatic impact on businesses across Europe. Meeting its tough new mandates will put huge pressures on businesses to capture, integrate, certify, protect and monitor all of their data seamlessly and efficiently.
They will need to track and trace how potentially sensitive data is managed and used across the whole information supply chain , not only their CRM, HR system or their Hadoop data lakes; deliver “pseudonymisation”: the separation of data from direct identifiers so that linkage to an identity is not possible alongside data portability, which allows individuals to obtain their own personal data.
However, with the volume, variety and velocity of data passing through businesses growing exponentially, together with the proliferation of new cloud applications that might be adopted by lines of businesses without IT involvement, it’s increasingly difficult for hard-pressed IT departments to take total ownership on the protection of personal data without engaging their counterparts in HR, Sales, Marketing and other customer-centric organisations.
So what’s the solution? This article contends that to ensure proper data protection, businesses need to establish a collaborative approach for delegating accountability and responsibilities. Based on a data-centric shared platform, IT needs to turn everyone in the company who has to deal with sensitive customer or employee data into an agent for better data protection.
However, this decentralised approach for data management also requires controls, rules, monitoring and governance. Otherwise, it will fail. For most companies that must manage personal data related to European data citizens, GDPR mandates the appointment of a Data Protection Officer, whose role is to inform, educate and advise internally on the obligations pursuant to the regulation, assign responsibilities, monitor compliance, and cooperate with the supervisory authority.
While GDPR might appear as a constraint, compliance with which enables organisations to stay in business, and to avoid fines and reputational damage, it could just as well be considered an opportunity to drive customer-centricity and trust. This article argues that to achieve this data-centric approach and to meet all of the new regulatory challenges that GDPR compliance brings, businesses above all need to adopt an approach based on seamless collaboration and data integration.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.