Always on data privacy and GDPR–the visibility to act
More personally identifiable data is being created and processed than ever before. This data powers commercial success and delivers services that customers value. However, the potentially negative impact of how this data is processed on the credit ratings, privacy, and everyday lives of citizens has not been lost on legislators. The EU General Data Protection Regulation (GDPR), the Australian Privacy Amendment (Notifiable Data Breaches) Act 2017, and the proposed US National Data Breach Notification Standard are all examples of a global trend toward data privacy regulation.
In this new era of greater responsibility for personal data, the inability to detect and respond to data according to data privacy regulations is business critical. Extended delays in responding to inbound queries, data breaches, or litigation can be crippling to businesses.
Data privacy regulations, like GDPR, are multi-faceted. GDPR is more than just another data regulation with fines for audited non-compliance. Its provisions have been carefully designed and have far-reaching consequences. Focusing solely on remedying data breaches, answering subject access or freedom of information queries, or complying with ‘right to be forgotten’ regulations isn’t nearly enough.
Data privacy regulations require you to correctly identify and protect data at all times, account for those assets and, if needed, release records to authorized personnel under specific circumstances. All of this must be accomplished under the weight of potentially heavy fines: in the case of GDPR, the penalty for non-compliance can be up to 4 percent of an organization’s global gross revenue or €20 million, whichever is greater.
The good news is that you’re likely not starting from scratch when it comes to your data privacy program. Most organizations have a need to store, tag, encrypt, and move data held within their systems. Nuix works with a Connected Intelligence approach that works for data professionals, helping them unlock their resources and work smarter.
Nuix approaches data privacy based on three interlocked pillars:
- Identification. Assessing risk is the vital first step to successful compliance. Nuix can quickly identify the data sets most relevant to data privacy policies and locate the data that is likely to be in scope. Using pattern recognition, the data strings most likely to be an issue are then mapped to specific endpoints, cloud and network storage, third-party repositories, and mobile devices. Knowing where your data is located is a critical first step.
- Information management. Once data is identified, it can be processed, collated, and catalogued for rapid remediation based on criteria such as risk urgency, availability, and size. An ‘always on’ solution requires two sets of processes: one for consumer-led enquiries such as freedom of information, subject access, and right to be forgotten, and one for breach notifications, both internal and to the regulators.
- Monitoring. Establishing an ‘always on’ capability means your data privacy processes drive better data hygiene. Making consumer-led requests for data part of your business-as-usual processes improves customer relations while keeping costs for compliance as low as possible. However, the ‘side’ benefits are even more compelling. These include a stronger capability to detect data exfiltration and close off breach attack vectors, based on real-world vigilance of where personally identifiable data is at all times.
There is one proven, forensics-grade platform used in thousands of successful legal defense and prosecution cases, trusted by regulators and legal teams globally. Nuix. That power and trust can help you drive a successful, ‘always on’ data privacy program.
While GDPR or compliance with other data privacy regulations appears overwhelming, the new regulations can help you:
- Improve data efficiency and protection
- Enhance customer relationships
- Build a stronger defense against future pain and additional, potentially prohibitive, costs.
Most organizations are well aware of the intention and scope of the EU’s General Data Protection Regulation. Yet the world waits in suspense to witness a successful GDPR prosecution. As a result of their ‘Wait and See’ policy, some organizations have put their faith in solutions designed for the pre-GDPR era. This is a strategic error.