Overcoming the complexity of compliance

Elizabeth Schweyen, Senior Manager of Global Privacy and Compliance at Druva, discusses the complexity of compliance.

The challenges of managing any enterprise in modern times are multifaceted and complex. This particularly rings true with data protection. Businesses are generating millions of data points every day. In fact, it is estimated that the average human created 1.7 MB of data every second throughout 2020 and generates 1.145 trillion MB on a daily basis.

Take a moment and think about how much of this data is directly from businesses – a mind-boggling amount, right? What’s more, these statistics are only set to increase. For example, it is predicted that by 2021, data creation will reach a whopping 180 zettabytes. If you are not familiar with data volume measurements, I can confirm that this is a lot. Despite all of this data, it is an organisation’s responsibility to ensure it is protected and compliant.

An ever-changing compliance landscape

Yet, an evolving regulatory landscape has made it a challenge for organisations to maintain compliance. For example, not so long ago we remember the massive changes that came along with the UK’s Data Protection Act. Though introduced in 2018, the Act merged with the EU’s GDPR legislation and formed a new framework known as the UK GDPR. This became UK law in January 2021 as part of the withdrawal from the EU. Across the pond, we’ve seen the California Consumer Privacy Act (CCPA) go into effect and quickly be amended by the California Privacy Rights Act (CPRA). Colorado, Virginia, and Nevada have all passed their own privacy laws as well.   

Despite ever-changing privacy laws, failure to comply will lead not only to damaged corporate reputations and lost business opportunities, but also to costly fines. Under GDPR, for instance, administrative fines can reach 4 percent of annual global turnover. More than that, recent research found that over the last year GDPR fines rose 40 percent, totaling $191.5 million.

The largest regulatory fines we’ve seen over the last few years show that organisations are falling short on transparency, and are not disclosing how they manage and collect their data. Google and H&M made waves for this, using data in a way that was not initially communicated to their customers and employees.

The impact of remote work

Adding to these challenges is the shifting work environment. As we all saw, the transition to remote work has been fast and furious for millions of businesses. Remote work has quickly become a preferred way of working, and employees have since called on their employers to put more permanent remote work policies in place so that they can continue this in the future.

Yet remote work comes with its own set of challenges. With the increased adoption of IoT devices, cloud environments, and SaaS applications, everything in the enterprise has become decentralised. As a result, data is now much harder to keep track of. It also makes it incredibly difficult to fulfill a subject access request, since the list of possible data locations and owners becomes nearly infinite. This makes organisations more susceptible to violating privacy regulations.

To add more complexity to the situation, organisations are not only tasked with managing a plethora of company data, but also with ensuring proper data hygiene related to COVID-19 health records and personally identifiable information (PII) when employees do come into the office. Systems should be put into place to set retention periods for this sensitive data and process inbound requests to remove it. Yet, such a process requires a tight integration between HR, security, privacy, and legal teams, and it’s quickly becoming a challenge for many.

The changing regulatory scene is one of the most common challenges faced by companies today. However, it should be a launching point for a discussion about ensuring proper data hygiene.

Compliance and data protection equal good data management

Businesses must be equipped to ensure compliance, regardless of the working location, conditions or environment.

Some of the best examples of this come from organisations in highly regulated industries, such as finance or healthcare. These businesses are successful because they know what data they have at all times, where it is, and who has access to it. This is something all businesses can achieve with the correct strategy in place. Getting there can be broken down into five tasks:

  • Task one – Create a data inventory: make a list of the types of personal data that your organisation collects across all avenues. This includes employee, customer, prospect, and vendor personal information.
  • Task two – Audit how the business manages that data: determine how personal data collected by your organisation flows through the business, and pay particular attention to how that data is collected, processed and stored.
  • Task three – Create a standard data management process: develop a process that centralises management while using distributed data storage because remote workers, personal devices and data residency laws make it impossible to store data in one data center.
  • Task four – Leverage the power of the cloud: use the cloud to connect those various data sources. Once your data is saved to the cloud, you can then extract and enrich the metadata. Metadata enables companies to manage access control, search, and retrieve information across an organisation’s entire data landscape, while storing the data as inexpensively as possible.
  • Task five – Last but not least, automate: by automating the right to be forgotten, the intense manual labour involved in searching through every record and piece of data associated with one individual is removed. This relieves organisations of the concerns associated with manual labour and mistakes. 


While none of us would have guessed such changes to our working practices would add more complexity to an already convoluted regulatory landscape, we need to ensure that it serves as a reminder of the opportunities that are now in front of us and to build trust with customers and employees in the future. Now is not the time to relax on data privacy. It’s time to support businesses in complying with privacy regulations, in order to navigate this new landscape successfully.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
