Now that we’re six months past the GDPR deadline, and almost a year away from the California Consumer Privacy Act, I’m still surprised to meet companies taking a wait-and-see approach to compliance. Rather than take action and adhere to the latest data privacy and protection standards, they are willing to wait until they see the repercussions – mostly in the form of fines – for non-compliance.
These regulations are part of a global trend pushing companies toward greater accountability with regard to protecting consumer data. Postponing compliance merely delays the inevitable.
Here are five reasons why you should make 2019 the year for GDPR and CCPA compliance:
1. It will make your organization more secure. Attackers know that most companies have unprotected information on their file servers. Just knowing where sensitive data is, building privacy and security into the design of your IT systems, limiting who can access that data and monitoring everything will limit the potential damage from a breach or ransomware attack. GDPR and CCPA mandate some basic, common-sense controls for data.
2. It will help you gain control of your stale data. Companies are drowning in data that has outlived its business value. In a recent report, we found on average 54 percent of all data on a corporate network was stale. What’s worse, this data commonly included sensitive information on employees, customers, projects and clients. GDPR mandates that companies delete the data they don’t need to do business and refrain from collecting unnecessary information. By following GDPR guidelines, you can minimize the data you do keep by deleting or archiving old data.
3. It will help you know what data you have and lock it down. EU residents are protected under GDPR’s “right to be forgotten.” A consumer can demand that companies delete everything they know about them. A similar “right to deletion” exists for CCPA. Even if your company is not subject to these requests, adhering to these regulations will ensure you know what sensitive data you have, where it resides and whether it’s overexposed. If you are a B2B company, sticking to the guidelines set forth in GDPR and CCPA will help you protect critical sensitive information.
4. It will prepare your company for future privacy laws. Current regulations won’t be rolled back and GDPR envy is kicking in outside of the EU. Legislators are introducing regulations and guidelines – like CCPA for instance – to protect consumers in response to the breaches hitting the news almost daily. Voluntary compliance with GDPR and CCPA will help you prepare for upcoming regulations that may affect your business. Get a head start on future laws by working toward GDPR and CCPA compliance today.
5. It’s good for your business. Organizations must restore faith with customers who have grown to mistrust companies that mishandle and lose their data to cybercriminals. Under the GDPR and CCPA, companies must use plain language to describe how they are using consumer data and be transparent about the use of personal data. If you are a B2B company that partners with other businesses, adhering to GDPR will provide extra reassurance that you take data security seriously and will not be a security risk.
The GDPR and CCPA set a precedent for future privacy laws. They are catalysts for businesses to assess their risk, remediate issues and gain control of sensitive data.
Fortunately, it’s not too late to catch up if you’re properly motivated. Working toward compliance will enhance your company’s security efforts and help ensure you are proactive in tackling privacy issues and facing threats head on in 2019 and beyond.
Brian Vecci is a technical evangelist for Varonis.