GDPR: The Start of a Perfect Storm for Data Privacy and Protection
GDPR has galvanized the need for data privacy and protection. In conjunction with social media privacy concerns and the seeming avalanche of regional and state privacy regulations, the focus on data privacy has accelerated beyond any past predictions.
Witness the growth and interest in the International Association of Privacy Professionals (IAPP). Membership has grown to 60,000 privacy professionals worldwide and their regional privacy events frequently sell out. They must sift through hundreds of presentation submissions to fill only dozens of open speaking slots.
GDPR has also spawned new legislation from several nations and states. California has enacted the CaCPA, and on July 6, the European Commission and the Japanese government published a joint statement on international transfers of personal data. More countries and states are expected to announce regulations, and the United States continues to show growing interest in enacting a national uniform privacy law.
At the recent ISSA CISO Summit in Denver, Informatica’s Chief Trust Officer, Bill Burns, presented to dozens of CISOs and privacy officers on the need for data privacy in organizations. Many of the CISOs reported that data privacy and protection is now a topic of board discussions, and they are looking not for education but for action. Many boards now expect a quarterly briefing on data privacy and security.
Consumer awareness of data privacy and security continues to grow as well. In numerous surveys and polls, consumers have indicated that trust is a key factor in purchase decisions. In fact, research suggests trust is more important than price.
At Informatica, we have witnessed these trends with new customers who are proactively implementing board-mandated data privacy and protection measures for compliance with all privacy regulations. The boards of these organizations recognize the value of data privacy and protection for retaining customer trust and gaining a competitive advantage.
GDPR has created a perfect storm – and an opportunity – for organizations to view data privacy and protection holistically. We believe this is a continuous process to ensure that organizations understand the personal and sensitive data they hold, proactively remediate risks, monitor data for new threats and manage privacy rights such as data subject access and consent requests. We call this approach intelligent data security, which can serve as a foundation for a systemic data privacy and protection program. This approach offers capabilities to assess, protect and manage personal and sensitive data across the enterprise.
Simply stated, organizations need the following capabilities to continuously analyze, protect, monitor, manage and measure compliance:
- Define and manage governance policies
- Discover and classify personal and sensitive data, and understand how it is being used and shared
- Link identities to sensitive data for intelligence on individuals’ data
- Analyze the data’s risk and prioritize remediation
- Put the intelligence to action: protect data, manage subject rights and consents
- Measure, communicate, audit readiness
In summary, the market forces behind data privacy, spawned and catalyzed by GDPR, strongly suggest that all organizations embrace a unified approach to data privacy and protection. And all indicators suggest these market forces will only grow stronger in the foreseeable future.
Planning for 2019 is already underway in many organizations, and security and privacy officers should consider how they will meet the exponentially growing need for data privacy and protection. Not only is it prudent given the current and expected demands of regulators and customers, but boards and customers will expect it.
About Informatica Data Privacy and Protection: Informatica’s Data Privacy and Protection solution enables organizations to continuously improve data privacy and protection, discover new and existing data assets, analyze data risk across the enterprise, link identities to sensitive data, understand the impact of data protection before implementation and automate protection workflows for privacy and security teams. Organizations can then monitor for new risk and measure their progress for compliance to regulations and internal policies.