GDPR Enforcement Action: A Board director’s responsibility

Too many organizations are still complacent despite the many high-profile cases of data breach and fines seen since the new data privacy laws were introduced last year, and due to be introduced across the United States in the coming months.

Board directors, responsible for governance and compliance, are personally liable for the heavy fines. What is your risk appetite?

Do you know if your organization is compliant?


Do you fully understand the risks involved?


· Overconfidence or lethargy: “we won’t be caught”

· There is a 72 hour limit in which to report a breach

· Business to business contracts are often not suitable

· Class/Group Actions are a reality and increasing in number

· Incorrect Privacy notices present a risk of fines

· Complaints to the regulatory bodies are on the increase

· Lack of Registration with a regulatory body is indefensible

· Data Breaches are a reality


So what key questions should you be asking your team?


· Can we deliver the 10 data subject rights to our clients / customers?

· Can we respond appropriately to a data breach and in time?

“If, within the 72 hour time limit, a UK organisation has no clue as to the who, the what, the how of a breach, then it is clear that they do not have the required accountability data checks and balances in place - as required by law.”

Elizabeth Denham, UK Information Commissioner

· Have we mitigated our risks?

These first 7 risk factors above focus on your “liability without a breach” – but can your organization manage and mitigate them?


· Can we create a defensible position?


· Do we need Breach Insurance?


· What do we need to deliver for data protection? (Ask The Trust Bridge about our list of Data Protection deliverables, what a Data Protection Authority could ask: there are 16 core items)


· Do we transfer data from country to country?


· Where is our data stored?


· Do we have a record of processing, which is a legal requirement?


· Do we have EU representation in place?


· Do all our customer-facing staff understand their responsibilities and the consequences of their actions?

Trust is the driving force behind the major shift that is taking place in the world of private data.

The data economy of the future demands a bridging of the trust gap that exists between the consumer and the organisations with which they interact, requiring greater transparency, responsibility and accountability from these organisations and their senior management.

In this Information Age, success requires investment in data as a core business asset. It is a valuable asset that must be handled with care. Ultimately, rather than harvesting massive amounts of personal data, it is the intelligent use of permissioned data that is key to success.


The General Data Protection Regulation (GDPR) is about building real lasting Trust.

The intent, backed by strong legislation, is to migrate towards a more trust based, mutually consensual relationship between data processors, controllers and subjects.

● The risks are HUGE for those who do not comply

● Board Directors will be PERSONALLY liable for any breaches of the GDPR

● All employees who have access to the data need to be aware and comply and therefore it is incumbent on organisations to run GDPR awareness and training courses for all staff.

The whole issue has had significant operational ramifications for the holders and processors of personal details. But it cannot be ignored.

GDPR applies to everyone and every organization. And it forms the template of many other data privacy laws being considered around the world.


Do you know if your organisation is compliant?


The Trust Bridge™

The Trust Bridge can provide the wisdom, experience and skills needed to make sure that your organisation satisfies the supervisory authorities and ensures ongoing trust from your employees and customers alike.

Our Subscription model offers a number of levels of service and access to tools, online training, mentoring and support, as an insurance policy to the board of directors that the company and its personnel have immediate access to expert advice.

Contact: Alan Davis 803 348 0000

Email: Alan@thetrustbridge.com

www.thetrustbridge.co.uk

https://training.thetrustbridge.co.uk/


UK: 44(0) 207 1755 882

US: 803 348 0000


© 2019 The Trust Bridge