The current messaging one hears nowadays is that the EU General Data Protection Regulation (GDPR) has radically changed the way business is conducted worldwide. In fact, the reality is that data protection laws have been with us for over 20 years, starting from the EU Directive in 1995. The GDPR and other data protection and privacy regulations focus on protecting against the unauthorized use of and access to personally identifiable information.
Manos Roussos, Arianna Sekeri and Alexandros Manousakis
What is new are the many types of privacy compliance models that businesses now need to comply with to satisfy legal requirements, both today and in the decade ahead. Key questions remain:
- What is the level of compliance that my organization has achieved?
- What type of financial and legal risks exist, based on current interpretations and enforcement decisions by Data Protection Authorities?
- How can my organization demonstrate an adequate compliance level with GDPR and other privacy regulations?
Implementation is always a priority, but often becomes challenging due to limited budgets and resources. A crucial point is to prioritize and use the budget in the most effective way with lower-cost resources. Even with appropriate budgets, implementation can be derailed or slowed down due to less than optimal designation of roles and responsibilities within a company.
The above problems can be dealt with in a more efficient way through the deployment of technology solutions to support the human collaboration. The risk of a company may be assessed much more efficiently using an objective methodology, which will be reflected in terms of clear metrics. It is key to avoid the “single point of failure” risk: being too dependent on “less engaged” internal individuals who are not dedicated fully to the data privacy program objectives. Using a modern technology tool, a company can quickly document its needs, retain know-how easily and identify how to resolve problems on a timely basis.
Any compliance metrics tool must assess important metrics areas such as organizational model, technical measures, third parties/data subjects, etc. along with potential sub-categories. Such metrics serve to evaluate each company’s privacy compliance status against specific quantitative indicators. In addition, each organization should perform data privacy audits to demonstrate the evolution of any ongoing compliance program, with a strong focus on future changes, in order to maintain the required compliance level. Compliance requires a mindset of constant improvement.
There is not one tool that fits all, so each organization should ensure the selection of the “right-sized” one. Best practice would be to test the functionality of the risk assessment compliance tool, since there are many available on the market. PrivIntelligent Solutions’ Compliance Metrics Tracker adds value by assisting organizations in their data privacy compliance assessment and implementation activities.
Corporate Compliance and Transparency in Life Sciences
20 - 21 February 2019 Zurich, Switzerland