[BreachExchange] The Best Way to Future-proof Any Business
Audrey McNeil
audrey at riskbasedsecurity.com
Thu May 16 20:25:47 EDT 2019
https://www.entrepreneur.com/article/333773
As we approach the first anniversary of the European Union's General Data
Protection Regulation (GDPR), it is important to remember that the future
of GDPR global compliance isn't about penalizing organizations; it's about
protecting the consumer.
It is about businesses having the technology and expertise to make the
critical principles of trust and transparency the bedrock on which their
organization is built—wherever in the world they are.
While we have seen examples of companies "pulling the plug" because of the
complexities around GDPR implementation, Australian organizations are
coming around to the view, albeit slowly, that customer data doesn't
belong to them but to the customer, and that it is their
responsibility to transform operations in order to respect data and privacy
rights.
Privacy Matters
The GDPR is really only now revving up for action on behalf of the
consumer. It positioned data handling and privacy as a human right, so for
businesses worldwide there is no turning away from their obligations under
it.
As the world continues to shine a spotlight on GDPR, cyber-attacks continue
to skyrocket globally. Business executives are consequently facing growing
scrutiny over their cybersecurity measures, and risk and compliance
management has become a critical part of operational and strategic
decision-making, not just a tick-box exercise.
Ground Report
Businesses must have simple and transparent compliance systems in place
that effectively map out processes against regulatory frameworks, such as
GDPR, to give them full visibility of areas where they are handling data,
what is required, the risks involved and how to lessen the impact these
risks could have on the company at large.
By identifying where the risks lie in processes, businesses enable
employees to apply the relevant controls. In cases where an incident has
already occurred, businesses can use that process map to report breaches, discover
which processes are impacted, identify further potential risks and the controls
in place, or apply those controls where they don't already exist.
Essentially, businesses can keep a log of recorded breaches to learn from,
speeding up detection, configuring workflows to meet requirements based
on the nature of the breach, and conducting analysis.
In fact, truly understanding processes is necessary for compliance.
Companies that have addressed processes rather than limited their actions
to simply protecting their database from breaches will be in a more
defensible position. In other words, if an organization has made a
“sufficient” effort to locate all the instances of the use of an
individual’s data, then even if the effort was not 100 per cent successful,
the intent would be recognized.
Therefore, a lack of preparation around GDPR could and will prove
disastrous for a company in 2019, costing them dearly. Just “meeting” the
challenges of the GDPR’s framework is not good enough. Businesses need to
be prioritizing surpassing expectations and looking well into the future,
because in addition to identifying and managing risk and compliance, the
GDPR is about ensuring all employees are operating in accordance with a
business’ risk framework and that all projects are being completed in a
compliant way.
In short, in today's digital age, robust and proactive risk and compliance
management is a must to future-proof any business. GDPR is not a one-off
consideration. It requires ongoing analysis, constant testing of processes
to monitor for potential breaches, and company-wide buy-in—ruling
complacency out of the equation for Australian business leaders today.