With the European Union's (EU) pending General Data Protection Regulation (GDPR) set to have major implications not only for European organizations but for all companies operating globally, the ISACA-supported global Data Privacy Day (DPD) on 28 January is as relevant as ever.
The GDPR would impose severe penalties on companies that fail to comply with strict data protection requirements. It is designed to strengthen and unify data protection for EU residents, and addresses the export of personal data outside the EU. The European Commission's goals for the GDPR were to give citizens control of their personal data and simplify the regulatory environment for international business.
The importance of data privacy is not lost on ISACA and its constituents. In a recent ISACA survey of privacy and risk professionals, more than half said consumers should not be confident that companies are adequately protecting their information. In fact, only 29 percent of the respondents were very confident in their enterprise's ability to ensure the privacy of its sensitive data. Nearly one in five said they had experienced a material privacy breach.
These findings are examples of why ISACA has supported Data Privacy Day since January 2013. DPD is an international effort held each year on 28 January to create awareness around the importance of privacy and protecting personal information. As a DPD champion, ISACA recognizes and supports the principle that organizations, businesses and government all share the responsibility of being conscientious stewards of personal information by respecting privacy, safeguarding data and enabling trust.
Data privacy has always been a major issue for information systems professionals and the organizations for which they work. With the EU's GDPR taking effect two years after it is approved, and backed by potentially serious financial penalties, data privacy has never been more important.
The GDPR will bring big changes for data protection in Europe, but it will also have a significant impact on all businesses operating globally. Companies need to start planning for the impact that the GDPR will bring and move toward compliance sooner rather than later.
Respondents to the ISACA Privacy Survey cited a complex international legal and regulatory landscape and lack of clarity on roles and responsibilities as two of the main barriers to establishing a successful privacy program. The GDPR was designed to simplify the EU’s legal and regulatory landscape regarding data privacy.
ISACA survey respondents said the most commonly reported causes of privacy failures were a lack of training or poor training, a data breach or leakage, and failure to perform risk assessments.
According to ISACA’s survey report, Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function, the seven key components of an effective privacy program are:
- Appropriate staffing
- Positioning of privacy function at a high level in the organization chart
- Privacy-protection culture
- Privacy awareness training
- Globally accepted frameworks/standards
- Metrics and monitoring program effectiveness
- Compliance with data-protection legal requirements
In recognition of Data Privacy Day, ISACA, in conjunction with the International Association of Privacy Professionals (IAPP), will host a Professional Guidance Roundtable webinar sponsored by RSA. Titled What the GDPR Will Mean to Global Businesses, the 28 January webinar will involve a panel discussion with both US and European professionals providing perspectives on the regulation and how it will impact global businesses. Please join us to learn more about this important topic.