
THE GDPR BUSINESS VALUE ROADMAP

Getting a good understanding of the requirements, as well as the opportunities and business value, is not easy. We designed a GDPR business value roadmap to help you with this and to help you understand which capabilities you need to get the job done.


1

  • How will you understand what in-scope data is used for, for what purpose and by whom?
  • How will you demonstrate how you’re aligning to the principles?
  • Is your approach mostly manual, using interviews, questionnaires & static documentation?
  • Is your approach inaccurate, time consuming, resource consuming, out-of-date, or all of these?


2

  • Do you understand where in-scope data is across your organisation and how it is shared?
  • How will you demonstrate you understand the size & shape of the data problem across domains and data subjects?
  • Is your approach mostly manual, using interviews, questionnaires & static documentation?
  • Is this approach inaccurate, time consuming, resource consuming, out-of-date, or all of these?

3

  • How will you capture, manage and distribute consents across channels and business units?
  • How will you demonstrate you have captured the lawfulness of processing across all in-scope data sources?
  • Do you have anything in place already? Or are you planning on extending existing preferences capabilities?

4

  • How will you put protections and controls around identified in-scope data?
  • Can you demonstrate you have relevant control over the relevant in-scope data?
  • Are you planning to manually apply controls? Or apply masking, deletion & archiving solutions as required?
  • Will this approach give you a holistic view around the protections & controls you have in place?





Complete the form and download this Datalumen infogram (A3 PDF).






THE NEVER ENDING WRESTLING GAME OF DATA SECURITY IN THE CLOUD

Despite the growing popularity and actual implementations of cloud applications, the majority of organizations today are not adjusting their governance to secure their cloud data. This is illustrated by The 2016 Global Data Security Report conducted by the Ponemon Institute.

3 KEY FINDINGS FROM “THE 2016 GLOBAL CLOUD DATA SECURITY STUDY”

  • Half of all cloud services and corporate data stored in the cloud are not controlled by IT departments
    On average, 47% of all data in the cloud is not managed by the IT department. You can argue about who should actually be in the driver’s seat when it comes to flexibility, time to market, etc. However, involvement from your security staff is a different matter and should be a no-brainer. The risk of shadow IT initiatives that go under the radar means that your cloud data is typically the weakest link and generates the highest risk.
  • Only a third of sensitive data stored in cloud-based applications is encrypted
    72% of the respondents believe that protecting sensitive information through data encryption and data tokenization is important. In contradiction with this, only 34% say their Software-as-a-Service (SaaS) data is indeed encrypted or tokenized. Relying on the security features of a cloud platform provider is one thing, but it still doesn’t guarantee that your sensitive data is really secure. The only way to get there is to use proper encryption techniques, and best practice is to use the same policies and technology across your complete data landscape (on-premise and cloud).
  • More than half of companies do not have a proactive approach for compliance with privacy and security regulations for data in cloud environments
    73% of about 3500 participants indicated that cloud services and platforms are important. 81% even confirmed that the importance of cloud will grow in the next two years. Despite this trend, 54% say that their organization has no proactive data protection approach. With compliance regulations like the General Data Protection Regulation (GDPR) in mind, this seems a rather scary and risky thought.


THE REALITY GAP

The fact that companies are wrestling with protecting cloud data is to some extent caused by the idea that these platforms and data are managed by an external party. Companies should realize that their data governance agenda is linked to both their traditional on-premise data and their remote cloud data. The data reality is hybrid, and the idea of your cloud platforms being disconnected islands is long gone. A uniform and consistent data protection approach covering all your data, regardless of the location, is in essence what companies should target.
