Data protection issues are increasingly prevalent in our society. Scandals, such as Cambridge Analytica harvesting the personal data of millions of Facebook users without their consent, have raised public awareness of how organisations can abuse access to sensitive information.
Regulations have since come into force in order to modernise laws that protect the personal information of individuals. Last year, GDPR was introduced in the EU with one of the highest profile public and business awareness campaigns in modern memory. Everyone, from local businesses to global conglomerates, was left scrambling to meet the May 25th deadline – or risk falling foul of regulators.
Yet this year the Information Commissioner’s Office (ICO) has shown it is willing to impose notable penalties, announcing its intention to fine both British Airways (£183m) and Marriott Hotels (£99m) for GDPR breaches.
These financial sanctions serve as a stark reminder to businesses of the importance of data protection, especially given that recent research has indicated that over half of UK businesses are not yet fully compliant with GDPR.
A significant contributing factor to companies being unable to fulfil the requirements of regulators is competing internal priorities and poorly defined areas of responsibility. The tensions between IT security, data protection and commercial departments are a prime example of overlapping functions making clear accountabilities hard to enforce.
As a result, there is no comprehensive blueprint for compliance – leading to wider project teams struggling through the delivery process, resources being inefficiently deployed and execution becoming delayed.
In order to overcome these challenges, organisations must adopt a more coordinated approach to data protection.
At NTT DATA, we have extensive experience in governance, risk and compliance. Drawing on this expertise, we’ve created a methodology that allows regulation to be converted into executable requirements, impact analysis and downstream execution.
Crucially, this approach enables alignment of stakeholders and strategy, with an emphasis on situational transparency and reporting. This is achieved through an intelligent dashboard featuring a ‘compliance heatmap’, compliance evidencing progress updates and more.
The heatmap condenses complex processes into clear accountabilities for each department, while the compliance evidencing section reports on the information gathered to support each status assertion.
Simply put, this method ensures that resources are being allocated effectively, and gives businesses a comprehensive overview of their progress so they can comply with regulations on deadline.
Building trust and protecting customers
Compliance is clearly growing in complexity. The ICO received approximately 14,000 personal data breach reports between May 25th 2018 and May 1st 2019, compared with just 3,300 in the previous year.
And new data protection regulations will only add to the difficulties enterprises face. The California Consumer Privacy Act (CCPA) will come into effect in 2020, with similar bills gaining momentum in New York and Washington DC.
There will undoubtedly be overlap between these pieces of legislation; however, it is vital that businesses understand any differences that necessitate extra governance in the global marketplace.
The case for taking compliance seriously is not just about the possible sanctions. Enterprises must embrace regulatory compliance not simply as an enforced transaction cost, but as an opportunity to demonstrate their commitment to protecting customers. We believe this mutual trust is a foundational principle of the digital economy.
By implementing an optimised compliance framework, businesses of any size can avoid complacency when facing the regulatory challenges ahead – as the data protection environment continues to mature over the coming years.
To find out more about how you can enhance your compliance capabilities to meet the regulatory challenges of the future, please contact Ken Jones, Delivery Director, Impact, NTT DATA