Understanding Real-Time Data Protection Challenges with Industry Experts
Data regulations are evolving at a feverish pace, with more than 120 countries engaged in some form of international privacy laws for the protection of citizens’ personal data [1]. Advancement in technology, improved cross-border operations, and an increased number of data breaches have all contributed to the continuous development of these regulations. However, sustained data proliferation, data localization, and the cost associated with compliance failures continue to plague organizations, large and small.
With the continuous transformation of new and existing international data protection laws such as GDPR in Europe, CCPA in the US, LGPD in Brazil, POPIA in South Africa, and the Data Protection Act in India, it has become quite overwhelming for organizations to stay updated with the overarching norms of collecting, using, storing, and processing customers’ personal data.
This article focuses on 5 pressing issues that confront organizations, identifies measures they need to implement to stay in control of their processes, and highlights best practices for data protection and achieving regulatory compliance.
Overcoming the Challenge of Context-Driven Identification of Data
“Any sensitive data that is necessary for organizations for their business operations and cannot be permanently deleted, must always be stored or processed in a secure way.”
– Aurobinda Patra, Solution Architect & BU Head – Cybersecurity Products at SISA
It’s important for organizations that handle huge data sets to be aware of any information that may indirectly identify an individual. To identify such data and comply with data privacy laws, the first step for organizations is to acknowledge the different types of data they collect and their locations. The next step is to create a data inventory or repository to classify the different data sets and map them to the different definitions of personal or sensitive data and subsequently implement the required controls.
Automation tools such as automated Data Discovery and Classification help organizations understand the data flow, improve visibility, and take swift measures to meet compliance requirements. Using such tools, organizations can identify and classify sensitive data and define risk scores and data retention policies for each data set. Based on the findings, remediation actions such as masking, truncating, deleting, or quarantining the data further help ensure that the data is securely stored and processed.
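The discovery, classification and remediation flow described above, as an added example (not from the original article or any vendor tool). The patterns, class labels, risk scores and sample records are constructed assumptions; card-number candidates are confirmed with a Luhn checksum before they are truncated.

```python
import re

# Constructed rules: labels, risk scores and actions are illustrative assumptions.
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def luhn_ok(digits: str) -> bool:
    """Checksum used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _card(m, findings):
    digits = re.sub(r"\D", "", m.group())
    if not luhn_ok(digits):
        return m.group()  # false positive (e.g. an order id): leave untouched
    findings.append(("payment_card", 9, "truncate"))
    return "*" * (len(digits) - 4) + digits[-4:]  # keep last four digits only

def _email(m, findings):
    local, domain = m.group().split("@", 1)
    findings.append(("email", 5, "mask"))
    return local[0] + "***@" + domain

def scan(records: dict) -> tuple:
    """Return (inventory, remediated_records) for a {location: text} mapping."""
    inventory, cleaned = [], {}
    for location, text in records.items():
        findings = []
        text = CARD.sub(lambda m: _card(m, findings), text)
        text = EMAIL.sub(lambda m: _email(m, findings), text)
        cleaned[location] = text
        for label, risk, action in findings:
            inventory.append({"location": location, "class": label,
                              "risk": risk, "action": action})
    inventory.sort(key=lambda f: -f["risk"])  # highest risk first
    return inventory, cleaned

# Constructed sample data: one email, one valid test card, one Luhn-invalid id.
SAMPLE = {
    "crm/notes.txt": "Contact jane.doe@example.com about renewal.",
    "billing/export.csv": "card 4111 1111 1111 1111 exp 12/30",
    "logs/app.log": "order id 1234567812345678 shipped",
}

if __name__ == "__main__":
    inv, out = scan(SAMPLE)
    print(inv, out, sep="\n")
```

The inventory records where each class of data was found and which action was applied, which is the data inventory the previous paragraph calls for.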
Increased Customer Expectations
While the pandemic accelerated digital transformation across industries, it also led to a rise in the number of consumer data breaches, raising concerns around data privacy and protection. Data is a key asset for businesses and can enable the development of new products and services, drive innovation and deliver enhanced customer experiences.
However, consumers are less likely to share personally identifiable information unless they have complete knowledge of the purpose that it is being collected for, and its availability to party/parties concerned. The lack of trust, while understandable, can be addressed if organizations adopt a privacy-first approach to retain customer trust and improve customer engagement. Consumers are more likely to trust organizations that collect information relevant to their services, request their consent before using it, and take proactive measures to protect it from risks.
Implementing Privacy by Design
“The permissions required by your application should always tie back to the purpose of the application.”
– Rahul Prasad, Deputy Vice President – Data Privacy Office at HDFC Bank Limited
Organizations must ensure that all their policies and procedures honor the privacy of the customer and provide it by default. For example, organizations must seek explicit permission from their customers in a way that affects neither the customer experience nor the business performance, so that the balance is maintained. A comprehensive approach to incorporating these measures into an organization’s systems and operations can help meet compliance standards as well as safeguard the personal and confidential data of customers, employees, and business partners.
Managing Data Retention Schedules
Certain data protection regulations mandate that organizations purge data once its purpose is over. On the other hand, there are laws and compliance requirements which require organizations to store the data for a set period. To overcome the challenge of juggling all these regulatory requirements, organizations must engage with legal teams to recognize their regulatory liability and set data retention schedules. Based on that identification, enterprises can define retention policies by leveraging tools that automate the process of deleting or quarantining data sets through the application itself.
Handling Data Subject Requests
An entity or an individual, such as a Data Fiduciary, that primarily decides the purpose of processing personal data in an organization is also liable to honor data subject requests to delete that data. Understanding the flow of data is crucial to knowing where the data lies in the organization and adhering to such requests. As manual identification of such information is challenging, periodic scans through automated tools help discover the kind of data that is stored and at what locations. Some improved algorithms also let organizations map the data by referring to usernames and email IDs, such that the application automatically looks for the data related to the specific request.
“One of the key things we try to bring out through our solutions is to provide DPOs or CISOs with one single pane of glass view across the enterprise including work from home and cloud, from where they can manage the entire data life cycle process.”
– Dharshan Shanthamurthy, Founder & CEO, SISA
For a more detailed discussion on challenges of data protection and the steps organizations can take to overcome them, watch our Panel Discussion on “Data Protection: 5 Real-Time Challenges businesses need to be prepared for”.