Stringent privacy rules are emerging worldwide. Increasingly, security, risk, and privacy professionals believe that maintaining compliance with global privacy regulations is one of their top challenges. Coupled with the rise of globally dispersed workforces and work-from-home requirements, this is placing extraordinary pressure on every organization's cybersecurity.
With statistics showing the average cost of a data breach has risen by 10% over a five-year period to $3.86M in 2020, it is crucial that your organization understands what is at stake, and then puts data privacy and cybersecurity firmly on the Boardroom's agenda.
Following our recent webinar on The Ever-Evolving Data Privacy Landscape, guest speaker and principal analyst at Forrester, Enza Iannopollo, has answered some of the pressing questions we have seen when it comes to building the foundation of your data security strategy. The first question in this series concerns understanding and complying with GDPR.
Q: With all the various pieces of compliance legislation either now in place or soon to be implemented, gaining a detailed understanding of them all will be a huge or even impossible undertaking. Would understanding and complying with the European Union’s General Data Protection Regulation (GDPR) serve as a suitable umbrella solution?
Enza: GDPR has been a pivotal event in the world of privacy. Some of its key requirements, such as individuals’ privacy rights or breach notification and organizational accountability requirements for example, have shaped privacy bills that have been adopted after it, and the ones that are under discussion today.
Legislation in California, Virginia, Brazil, Thailand, China, etc. are all good examples of the trend. Specific requirements have their own unique details, but GDPR is still the reference point for organizations that must comply with multiple regulations. And, if an organization has developed best practices about data discovery and classification, for example, and has built dynamic data flows for GDPR compliance, these initiatives will facilitate significantly the challenge of meeting compliance requirements with other current and upcoming privacy regulations.