Security Think Tank: Align compliance objectives with business goals
What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?
Just over a year ago, the pressure to fulfil the requirements of individual articles of the European Union (EU) General Data Protection Regulation (GDPR), often with a patchwork of specialised solutions, shaped the mistaken perception of some enterprises that GDPR compliance was simply a hurdle that needed to be overcome.
Now that the deadline has passed, many enterprises are reflecting that a simplistic tick-box approach to compliance, with GDPR specifically and regulatory requirements generally, has failed to gain potential benefits. Even limiting outcomes to a compliance perspective, many will realise that their efforts have failed to provide flexibility and scalability to cater for the expectation that more, and more stringent, data protection regulations will continue to evolve around the world.
Having such a broad scope led to many organisations treating GDPR as an unwelcome burden. However, an approach that moves towards aligning business objectives with compliance requirements can provide organisations with better control of data. Such an approach offers the enterprise the potential to exploit benefits across all its data-driven initiatives, aligning compliance objectives with forward-looking business goals.
Compliance, and the effective exploitation of data for business benefit, share the same essential requirement: absolute, granular control of data. Ultimately, this synergy will provide the high-level opportunity to restructure the people, processes and technology within the organisation to maximise both the protection and value of information.
Maxine Holt, Ovum
Compliance and the need to recognise and leverage the business value of data are both data control challenges. Viewing them in this way makes the alignment of business and compliance objectives much less of a problem.
Organisations can begin to identify existing use cases and processes that depend on this control, and form interdisciplinary teams involving stakeholders from both compliance and other business roles to collaborate on shared outcomes and objectives. From this come shared processes and workflows, shared technology, and – to some extent – shared budgets.
By intertwining compliance goals within the broader enterprise initiative for data control and value realisation, there’s the potential for compliance to cease being a cost centre over time.
Benefits, such as improved customer relations and consumer trust, provide “softer” returns that are often difficult to measure quantitatively over a short-term period, but can be significant and should not be neglected in calculations.
By addressing these problems at their root, the enterprise can kill two birds with one stone, simultaneously improving the ability to comply with regulations such as GDPR and improving the ability to exploit data for business value.