People are increasingly interested in how companies use their personal information. GDPR ensures that enterprises comply with certain conditions when they use, maintain, and analyze personal data. While Singapore has been implementing the Personal Data Protection Act (PDPA) for six years, the ePrivacy Regulation has yet to make progress. However, when the latter comes up to speed, it would create more waves of reformation than PDPA or GDPR.
Data leaders must understand their role in digital transformation and digital rights management. Though every company will have its own take on the risks involved, there will be dialogue about consumers' notions of data protection and the actual scenarios around it. You must be wary of two areas: consumer lawsuits and class-action lawsuits. Consumers who feel their rights have been infringed upon and who are affected by such actions can ask for compensation from the defaulting companies.
Consumers do not need official EU litigators to file a case against defaulters. Based on your threat modeling, you might have to pay more money to technology vendors, draw up a comprehensive policy, or rebuild processes. However, SLAs are the real troublemakers, as your technology suppliers provide minimal security arrangements unless the consumers stress specific areas.
Security Is the Main Issue
Though privacy takes precedence over security, it depends on how much importance your company places on its security structure. The majority of data leaders do not take up security discussions until the tail end of a project cycle. Since supervising, cataloging, and reporting are costly, technology brokers supply the same technology unless asked for personalized versions. However, GDPR implementation will make personalization mandatory.
Data Controllers Beware
Policies might be agreed upon by clients and service providers. However, the author believes that the clients (the data controllers) are going to be the defaulters rather than the service providers (the data processors). Though Michael Nadeau writes for CSO that GDPR makes both parties responsible, Light thinks that if you do not opt for a GDPR-enabled supplier offering, the onus is on you.
Get Your Suppliers On Board
Prioritize security discussions and get your suppliers on board soon. Be clear about the responsibilities. Read the fine print carefully to avoid shouldering a security responsibility unknowingly. The author stresses early meetings between service providers and clients because the court decides whether you have complied or not.
To view the original article in full, visit the following link: https://www.cio.com/article/3267208/privacy/to-manage-gdpr-data-risk-pay-attention-to-your-service-level-agreements.html