New Wave of Data Compliance Laws (1/2)

Brian Huang
Published in iDox.ai
Feb 9, 2022

Getting Across the New Wave of Data Compliance Laws

Do you do business in North America, Europe, South America, the UK, China, or Singapore? If so, you’re going to have lots of data privacy compliance considerations. A wave of new regulations and rules about data privacy has been coming into force.

You need to take data protection seriously. Ignorance is no defense and the fines for non-compliance could be enough to close any sized business down. Read on for more on the importance of data compliance and how you can protect yourself.

What Lies Behind Data Protection Regulations?

You might be asking yourself why so many laws around data privacy are coming into effect. One of the key drivers is the fallout from digital technology.

It’s only recently that we’ve developed an ability to share information at break-neck speed. That requires a whole new set of regulations to protect the privacy of everyone and their right to keep data about them safe and secure.

The most stringent regulation in the world is the European Union’s (EU’s) GDPR or General Data Protection Regulation. It has not held back from handing out hefty fines to those who don’t comply with it.

Who Do Data Compliance Regulations Apply To?

In GDPR’s first year alone, Google received a penalty of more than $50 million. This was for:

  • Failure of transparency
  • The company’s vague consent agreements

In short, it broke some of the GDPR’s key principles.

A GDPR fining policy now exists as a framework for determining fine levels depending on the category of violation. It’s yet more evidence that governments are taking the enforcement of data privacy regulation seriously.

It’s important to remember geographical considerations. Many data protection laws will apply to companies operating outside the countries that created them.

So, for example, you and your business may have your headquarters outside of the EU. But, if you do business with residents living inside the EU and process their data, you’ll need to be compliant with the GDPR.

In the U.S.A., California has taken the lead in data compliance rules with the enactment of the California Consumer Privacy Act (CCPA). This law restricts how companies handle the Personally Identifiable Information (PII) of consumers.

The Importance of Personally Identifiable Information (PII)

The CCPA spells out the definition of PII in the following way:

  • “Information that identifies, relates to, describes, is capable of an association with, or could reasonably link, directly or indirectly, with a particular consumer or household.”

Other states including Vermont are also coming up with new rules and regulations around the handling of PII. The likelihood is that more and more will follow.

Part of the reason for this relates to some high-profile cases. Some businesses or companies have treated the protection of individuals’ data poorly. They may have behaved in an irresponsible way and with what seems like disdain. That’s led to a demand for legislative solutions.

All companies that handle consumer data should be trying to react to these changes. They need a plan of action to address them. They should be asking themselves, “What more can we do?”

Businesses need to concentrate on the ability to:

  • Identify and track both structured and unstructured data
  • Check for changes when data migrates from one system to another

In the future, the likelihood is that more and more rules around data protection and compliance will come into effect. Given that some of these laws are relatively new, it is fair to assume that they will be amended and that you will need to keep up with those changes.

What Should Companies Be Doing?

Firstly, they should talk to their legal advisors about which rules and regulations apply to them. They can then assess risk and take steps to mitigate potential problems in the future.

Enterprises of all sizes need to locate and identify all the places where they store personal information. A lack of this knowledge lies at the root of many recent, large data breaches.

PII lurks just about everywhere within companies. It may be found:

  • On servers
  • In data lakes that are directly accessible from the internet

If organizations are unclear about where sensitive data lives, it’s a problem. Data that nobody knows about is data nobody protects, which leaves it exposed to hackers and others who want nothing more than to find and use it.

Once you’ve identified your data sources, you can start to make sensible decisions about the levels of protection needed. This will depend on an objective evaluation, risk assessment, and any applicable laws.

iDox.ai is an online document service that lets anyone redact PII in their PDF and MS Word files. With iDox.ai’s patented AI engine, PII such as person names, organization names, email addresses, postal addresses, and bank account numbers can be detected automatically within a few seconds in a PDF or MS Word file. Please visit the iDox.ai official website for more information.
