Privacy has become a front-and-center compliance risk in organizations around the world. GDPR (Europe), CCPA (California), APP (Australia), PIPEDA (Canada), PDO (Hong Kong), PIPA (Japan), ECTA (South Africa)… the world of privacy compliance is like a bowl of alphabet soup, yet this list highlights just some of the many privacy regulations bearing down on organizations.
The challenge with privacy compliance is that business is dynamic. It changes minute by minute and second by second. Personal data is pervasive across the data and processes of an organization (e.g., employee data, customer data, and sales data). You may have been on top of your privacy obligations at the end of 2019, but the organization has changed significantly over the past few weeks and now also has CCPA compliance to worry about. Processes have changed, the business has changed, employees have changed, third parties have changed, your customers have changed.
Privacy compliance has to be continuously managed and monitored in organizations. It is not a point-in-time effort but one that has to be addressed in the context of continuous organizational change. Privacy compliance is about identifying and mitigating the compliance, brand, and business risks associated with processing personal data. It is about managing risks across the full lifecycle of data in an organization and its web of processes, transactions, relationships, and interactions.
1. Appoint . . .
[This is a guest blog by GRC 20/20’s Michael Rasmussen published on the Mitratech blog. The rest of the blog can be read at the link below.]