With so many new regulations and policies to manage, how are organizations creating a unified data protection and compliance strategy that meets conflicting requirements? This was the topic of discussion in an executive boardroom session moderated by PKWARE at last week’s Evanta CISO Executive Summit in Milwaukee.
Executive boardrooms—private, interactive sessions designed to create a dialogue around a key topic—are popular events, allowing attendees to join their peers and learn how others are executing and thinking about their data security initiatives. The topic for the Milwaukee boardroom was “Managing the Convergence of Global Data Regulations.”
There was no shortage of material for discussion. Following Europe’s GDPR, which caused organizations to scramble to meet data protection directives and reassess risk management, cybersecurity laws have been passed in New York, Colorado, Ohio, and many other US states. With the California Consumer Privacy Act taking effect on January 1, 2020, there is additional pressure on companies to identify and fix their compliance gaps.
So how are organizations navigating the constantly changing regulatory landscape? Here are some of the recurring themes and key takeaways that emerged from the session:
Respect the Spirit of the Law
The task of finding and securing sensitive data can be complex. Many organizations are still working to determine what they need to do to fully protect their data. It’s important to be smart and protect the most important data first. Your organization’s security may never be perfect, but if you focus on being a good steward of sensitive data, you’ll avoid unnecessary problems.
Executive Involvement Makes a Difference
Companies whose senior leaders were engaged in the process tended to have more success in their GDPR compliance journeys. Executive involvement made it easier to get the necessary resources, and to communicate the importance of compliance throughout the organization.
Internal Partnerships Are Essential
A partnership between your organization’s IT and legal departments is critical to success in achieving compliance. Together, these departments can create and implement an effective framework for data security compliance.
Take Your Cues from GDPR
Many organizations are still struggling to figure out where to begin when it comes to complying with the growing list of data security regulations. Most of the newer laws have followed the GDPR’s basic approach, which makes it a good place to start. Once your organization has met its GDPR obligations, it should be easy to identify any remaining actions needed to comply with state regulations.
More cybersecurity laws will be moving through state legislatures each year, so the conversation about compliance is only beginning. If your organization needs to meet requirements under GDPR, the California Consumer Privacy Act, NYCRR 500, or all of the above, be sure to explore PKWARE’s automated data security and compliance solutions today. Get your free demo now.