If you deal with the personal information of anyone in the European Union (EU), you should know by now that on May 25, 2018, you will face stiff penalties for violating any of the provisions of the General Data Protection Regulation (GDPR). The penalties are 2% of worldwide annual revenue or 10,000,000 EUR if a business fails to comply with its data security obligations. If a company is found to be in breach of other provisions of the GDPR, the fine may be 4%. Currently, no evidence exists that latitude will be given for violations.
If you are a $25m+ for-profit business that collects consumers’ personal information and does business in California, you should be aware of the new rights that the California Consumer Privacy Act (CCPA) gives California consumers. Most companies are not yet compliant or prepared for the impact CCPA will have.
Compliance with GDPR, CCPA and the onslaught of privacy regulations worldwide is serious business. Large companies will easily spend millions of euros to comply with GDPR, for example. Compliance requires organizations to inventory the information they generate or receive, who has access to the information and where the information is stored.
Fortunately, there is an active, well-heeled discipline that can, and does, when mature, address most of the requirements. That discipline is Data Governance. Governance programs should have a data glossary as a foundation to serve the inventory needs for compliance. The program should facilitate the data security protocols. It should also be the go-to response force that can be mobilized in the event of a breach. Stewardship should be assigned to all elements to provide input to the above.
If you have not established your board, inventoried your data and processes and built a remediation plan (or startup plan) for Data Governance, as you read this, you will have to move more quickly than you would like to make the deadline. You will also need to begin hoping you are not on the early list for audit or, worse, that a breach occurs.
For a decade, MCG has delivered the expert strategy and implementation services needed to get the most out of Data Governance.
The MCG Compliance Accelerator helps organizations set up Data Governance tailored for compliance.
We utilize smart data discovery products to locate sensitive data and relationships across the enterprise, register data processes and data flows and catalog all sensitive data. In addition, we set up Data Governance for initiatives support and the promotion of data. This includes:
- Data Stewards Assignment and Training
- Data Governance Board Formation
- Data Standards Process
- Data Glossary Setup
- Data Sharing Agreements