January 12, 2018
Contributor: Jill Beadle
Take these steps to ensure your organization is in compliance with the new data privacy rules in China, the EU and the U.S.
Credit card numbers, medical records and bank account details — these types of personal information are routinely compromised, so much so that news of data breaches isn’t new anymore. They occur at nearly every type of organization, from email providers and major retailers to banks and government agencies.
The magnitude of these breaches leaves organizations accountable for more than simply improving data protections. The public and regulators expect full disclosure, and they expect it soon after an enterprise becomes aware of an incident. Three new privacy rules will put their ability to do so to the test:
Keeping up with the ever-shifting landscape of data privacy regulation is always a challenge, but in 2018, this promises to be especially difficult. This is compounded by the fact that few organizations have measures in place to comply with all three new regulations. To get ready, they should focus their efforts on the three areas below.
In addition to faster notifications, the new laws require organizations to provide data breach response plans. The EU and China mandate that notifications include details on steps taken to address the compromised information. New York state law, which is specific to the financial services industry, requires organizations to have a written response plan from the outset.
Managing third-party risk is a significant challenge for organizations. The risk is spread throughout an enterprise; the average organization works with 5,000 different vendors, which makes it exceedingly difficult to ascertain ownership of data. Vendors were responsible for nearly half of the data breaches in 2015, so organizations must be able to identify and understand the potential vulnerabilities their vendors introduce.
Governance is a crucial component of all three new regulations. Each requires organizations to appoint a person or team of people who will be held accountable for the change in rules.