Bridging the Generational Gap in E-Governance
Balancing Compliance and Operational Efficiency
Build a Cyber Security Ecosystem to Reduce Risk in the Public Sector
Digital Innovation Energizes Global Compliance Management
Leveraging Compliance to Your Advantage
Mark Bloom, Global CIO, Aegon [NYSE: AEG]
Data Analytics: Driving Actionable Business Improvement
Rich Richardson, VP & CIO, Spirit AeroSystems
Innovative Digital Support to Leverage the Banking Sector
Wanderley Baccala, CIO, Banco Original
The Cloud: Understanding the Risks, Not Just the Benefits
Jacob Ingerslev, Head of Global Cyber Risk, The Hartford; Andrew Zarkowsky, Head of Global Technology, The Hartford
Thank you for Subscribing to CIO Applications Weekly Brief
The Evolving Role of Governance in Data Protection
Renne’ Devasia, Chief Compliance Officer, InCountry Inc.
Preparation and re-engineering to support and comply with data protection regulations including GDPR have generated tools useful to data protection and privacy. These include data privacy impact assessments, data flow diagrams, data maps, data dictionaries, and data discovery tools, among many others. These tools help organizations identify data and its core uses across products and solutions, but play a limited role in achieving the ultimate goal of maintaining transparency and customer trust regarding how personal data is being used, with whom it is shared and how it is being protected - in addition to giving control of personal data back to the individual in support of their rights to data privacy.
Continuing revelations of increased data mismanagement by some organizations places organizations under greater scrutiny of their overall data collection, management, protection and usage practices
If data is at the core of the business solution, then the solution has to be built with data governance as a foundational element. Effective, compliant data governance starts by looking at regulatory requirements from the location of the data subject – and building the data pyramid up to the pinnacle, region by region, and distilling the product or service into its core elements such that they can be delivered globally but sourced locally where the data subject resides. Only in this way can data be effectively controlled by the data subject in a way that abstracts the product or service from the user, making the product more globally compliant.
In the past, organizations have built their products and services and then searched for customers to acquire them. This resulted in a product development process where the product was envisioned and built, then systems, supply chains and other distribution mechanisms were developed and modified to enable customer acquisition country by country, state by state, to comply with regulatory requirements. Given the realities of the cloud and global product development with local distribution, organizations must reconfigure their development processes leveraging a governance model that starts with a process which envisions the product, the data which is needed and involved in building it, where the product is to be sold, and the data protection regulations in those locations. With governance at the core of the development process, the organization can then determine whether the delivery location does or should change the way it delivers the product in order to ensure data subjects’ control over their personal data is maintained and regulatory compliance requirements are met.
The art and evolution of governance in data protection is ultimately going to be determined by how well organizations can leverage the compliance tools of GDPR to re-engineer their product and service development processes to put data subjects’ control over personal data directly at their fingertips. Enabling local management of the data to reduce the risk of non-compliance and increase the confidence of regulators that their citizens’ data is respected and protected is going to be the new key business enabler in a world where personal data is at the center of your innovative new business offerings.