GDPR Do-Over: Thousands of Breaches, Millions in Fines Point to More Work Ahead
Companies have experienced a big wake-up call due to new data privacy laws, and more work obviously needs to be done.
Despite years of preparation to become compliant with the European Union’s General Data Protection Regulation, effective in May 2018, breach notifications have exceeded 160,000 in Europe, with imposed and threatened fines in the millions of dollars.
That so many companies weren’t GDPR prepared was wake-up call No. 1. That regulators are taking action is wake-up call No. 2. Look for “many more fines,” says Patrick Van Eecke, chair of DLA Piper’s international data protection practices.
GDPR won’t be the only regulatory hurdle. Look for more citations and fines due to the newer California Consumer Privacy Act, and other privacy regulations expected to come to fruition.
The big lesson from the GDPR failures is that getting privacy and data protection right requires a data-centric approach to everything you do. Companies starting from scratch can more easily pull off “privacy by design” with new products, services and processes. But the vast majority of companies have tons of data in silos, data lakes and other places and cannot start from scratch.
Here are four steps to help those companies move toward regulatory compliance, and to be more skilled in safely sharing data across ecosystems of customers and suppliers. By being able to safely share analytics, companies will achieve a competitive advantage.
Step 1: Understand what data you have. This means all data, even legacy data. Figure out where the data came from, how it got to you, where it goes from the data lake, who has access to what data, and why they have access. Company security officers should already have this information, so they’re a good first resource. By inventorying data, you more readily identify exposures in terms of privacy regulations.
Step 2...