The Importance Of Having A Data-Protection Compliance Program

Author:Ms Fanny Evans
Profession:Morgan & Morgan

In 2013, Virginia Ginni Rometty - CEO of IBM, said "I would like you to think of big data as the next natural resource that can be to our era what steam, electricity and oil were for the Industrial Age."

Probably, you have read or heard: Data is the new oil! Data is the new bacon! Data is the new currency! These analogies have become very popular because data is now considered one of the most important commodities.

This is the result of the emergence of many successful Social Networks that, although they are not payment platforms, have turned the data into a source of value.

The need for a data-protection compliance program in business is becoming increasingly important after several high-profile leaks of companies' data. Some of the biggest data breaches over the last two years include T-Mobile, Marriot, British Airways, Quora, Google, Orbitz and just recently, Capital One bank in the United States. A successful data breach may occur in less than one minute. Yet, businesses may take more than weeks to realize a breach has occurred.

When giving the first steps into complex waters like data protection, it is very common that companies get lost in the avalanche of legal requirements or in developing that product or service that might result attractive to its clients. However, for a business, changing the focus to issues that they may consider more interesting should never be an option because the results of data breaches include many types of damages: fromreputational to financial. Sometimes it can even affect an entire country as happened with, in my opinion, the wrongfully or unjustifiably called "Panama Papers".

In the European Union, data protection is a fundamental right, and the General Data Protection Regulation (GDPR) which came into force on May 25th, 2018, is the new framework for protecting that right. Other countries are looking to the GDPR as they develop or implement their own laws to protect data.

Even if companies have an "it will not happen to me" approach to data breaches, in many countries, legislation is forcing them to rethink their reasoning. Here is where compliance plays an important role to help to plan a data-protection compliance program.

Here are five steps that can help as guidance when drafting or reviewing your data-protection compliance program:

Understand your risks and legal and ethical obligations One of the most important elements when building a data-protection compliance program is considering your...

To continue reading