The wave of new, tougher compliance regulations springing up worldwide can be disconcerting for organizations, regardless of how they engage with and serve their customers. This two-part blog aims to provide some recommendations to help those attempting to deal with the security aspects of data privacy as organizations begin to prepare for new regulations, including the California Consumer Privacy Act (CCPA).
If your organization does business with customers in multiple regions and thus must comply with multiple privacy regulations, a suggested best practice is to address them as a single, combined initiative. Take a unified approach to data privacy. Identify best practices and how they can address compliance requirements common to the myriad regulations, and then align them to the most stringent aspects. Such an approach can help you avoid duplicate or even conflicting efforts, potentially saving significant time and money.
While technology is a vital part of managing privacy, practitioners should not expect it to be the only expense in the journey toward achieving data privacy compliance. According to TrustArc, 61 percent of organizations expect to need third-party technical consulting, and 55 percent expect to engage legal consulting. Forty-five percent will need additional personnel training to develop, deliver and follow augmented policies and procedures for privacy compliance.
It’s important to remember that compliance for its own sake is not security, but creating a robust security program that addresses compliance needs will serve you well. It is important to note that approaching compliance as a separate effort, rather than as an integral part of the security program, may cause problems.
Here are some best practice considerations to im ..
Support the originator by clicking the read the rest link below.
