Overcoming the complexity of compliance

Elizabeth Schweyen, Senior Manager of Global Privacy and Compliance at Druva, discusses the complexity of compliance.

The challenges of managing any enterprise in modern times are multifaceted and complex. This particularly rings true with data protection. Businesses are generating millions of data points every day. In fact, it is estimated that the average human created 1.7 MB of data every second throughout 2020 and generates 1.145 trillion MB on a daily basis.

Take a moment and think about how much of this data is directly from businesses – a mind-boggling amount, right? What’s more, these statistics are only set to increase. For example, it is predicted that by 2021, data creation will reach a whopping 180 zettabytes. If you are not familiar with data volume measurements, I can confirm that this is a lot. Despite all of this data, it is an organisation’s responsibility to ensure it is protected and compliant.

An ever-changing compliance landscape

Yet, an evolving regulatory landscape has made it a challenge for organisations to maintain compliance. For example, not so long ago we remember the massive changes that came along with the UK’s Data Protection Act. Though introduced in 2018, the Act merged with the EU’s GDPR legislation and formed a new framework known as the UK GDPR. This became UK law in January 2021 as part of the withdrawal from the EU. Across the pond, we’ve seen the California Consumer Privacy Act (CCPA) go into effect and quickly be amended by the California Privacy Rights Act (CPRA). Colorado, Virginia, and Nevada have all passed their own privacy laws as well.   

Despite ever-changing privacy laws, failure to comply will not only lead to damaged corporate reputations and lost business opportunities, but costly fines. Under GDPR for instance, administrative fines can reach 4 percent of annual global turnover, and more than that, recent research found that over the last year GDPR fines rose 40 percent, totaling $191.5 million.

The largest regulatory fines we’ve seen over the last few years show that organisations are falling short on transparency, and are not disclosing how they manage and collect their data. Google and H&M made waves for this, using data in a way that was not initially communicated to their customers and employees.

The impact of remote work

Adding to these challenges is the shifting work environment. As we all saw, the transition to remote work has been fast and furious for millions of businesses. Remote work has quickly become a preferred way of working, and employees have since called on their employers to put more permanent remote work policies in place so that they can continue this in the future.

Yet remote work comes with its own set of challenges. With an increased adoption of IoT device usage, cloud environments, and SaaS applications, everything in the enterprise has become decentralised. With this, data is now becoming much harder to keep track of. It also makes it incredibly difficult to fulfill a subject access request, since the list of possible data locations and owners becomes nearly infinite. This makes organisations more susceptible to violating privacy regulations.

To add more complexity to the situation, organisations are not only tasked with managing a plethora of company data, but also ensuring proper data hygiene related to COVID-19 health records and personally identifiable information (PII) when employees do come into the office. Systems should be put into place to set retention periods for this sensitive data and process inbound requests to remove it. Yet, such a process requires a tight integration between HR, security, privacy, and legal teams, and it’s quickly becoming a challenge for many.

The changing regulatory scene is one of the most common challenges faced by companies today – however it should be a launching point for a discussion about ensuring proper data hygiene.

Compliance and data protection equal good data management

Businesses must be equipped to ensure compliance, regardless of the working location, conditions or environment.

Some of the best examples of this come from organisations in highly regulated industries, such as finance or healthcare. These businesses are successful because they know what data they have at all times, where it is, and who has access to it. This is something all businesses can achieve with the correct strategy in place. Getting there can be broken down into five tasks:

  • Task one – Create a data inventory: make a list of the types of personal data that your organisation collects across all avenues. This includes employee, customer, prospect, and vendor personal information.
  • Task two – Audit how the business manages that data: determine how personal data collected by your organisation flows through the business, and pay particular attention to how that data is collected, processed and stored.
  • Task three – Create a standard data management process: develop a process that centralises management while using distributed data storage, because remote workers, personal devices and data residency laws make it impossible to store data in one data center.
  • Task four – Leverage the power of the cloud: use the cloud to connect those various data sources. Once your data is saved to the cloud, you can then extract and enrich the metadata. Metadata enables companies to manage access control, search, and retrieve information across an organisation’s entire data landscape, while storing the data as inexpensively as possible.
  • Task five – Last but not least, automate: by automating the right to be forgotten, the intense manual labour involved in searching through every record and piece of data associated with one individual is removed. This relieves organisations of the concerns associated with manual labour and mistakes. 

While none of us would have guessed such changes to our working practices would add more complexity to an already convoluted regulatory landscape, we need to ensure that it serves as a reminder of the opportunities that are now in front of us and to build trust with customers and employees in the future. Now is not the time to relax on data privacy. It’s time to support businesses in complying with privacy regulations, in order to navigate this new landscape successfully.

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
