Anniversaries are a time for reflection, but not always celebration. Ask any privacy professional if they celebrated May 25, the third anniversary of the General Data Protection Regulation (GDPR) going into effect, and I bet most would say no. In many ways, GDPR has made the privacy (and security) landscape much more challenging. This makes it more important than ever to take a holistic approach to data protection and ensure continuous compliance. This article offers three strategies for companies to pursue.
GDPR is a landmark regulation for rebalancing the data relationship between individuals and the organisation that collects and processes their data. It catalyzed similar sweeping regulations worldwide. Within the EU data privacy landscape, Schrems II and ePrivacy Regulation (ePR) has put additional demands on organisations to maintain data compliance globally.
Schrems II: In July 2020, the Schrems II decision effectively invalidated the EU-US Data Privacy Shield. In essence, it means that companies must assess whether any country outside the EU respects data protection required by the GDPR. If not, organisations must take supplementary measures.
ePrivacy Regulation: Still making its way through the EU’s regulatory morass, If approved, the ePrivacy Regulation will regulate electronic communications for service providers who process data of individuals residing in the EU. It would complete the GDPR and create a single data protection standard for the entire EU.
Implications for enterprises: Focus on where privacy and security intersect
There is no doubt that the privacy picture has become murkier in the last three years. And it’s more apparent than ever that different frameworks and policy standards require companies to have specific controls in place to mitigate risk and continuously monitor compliance.
An excellent place to start in assessing where companies stand is ..
Support the originator by clicking the read the rest link below.
