
Six basic steps businesses can take for regulatory compliance

06 Jul 2018

Business leaders are increasingly seeking to understand and respond to new regulation, and the resulting risk, related to their data and analytics strategies.

Earlier this year, the Australian government implemented the mandatory Notifiable Data Breaches (NDB) scheme, and recently Europe launched its General Data Protection Regulation (GDPR), which applies to all businesses with customers or stakeholders in Europe.

These pieces of legislation greatly increase the need for an organisation to ensure the security and privacy of consumer data.

It’s essential for an organisation to understand the emerging landscape and implications for its strategy.  Think Big Analytics industry consulting lead Brian Landa says, “Organisations are making significant investments in advanced analytics to deliver digital transformation and achieve step-change competitiveness.  

“The growth and profitability made possible through analytics leadership now make these capabilities mission-critical.  

“Future success requires organisations recognise and respond to the new regulatory landscape,” he adds.

Digital technology has made organisations more sophisticated in how they market to customers.

Organisations can gather large volumes of data that let them identify individuals through user IDs, IP addresses, loyalty cards, and location data to create personalised messaging. However, this has also created many challenges around keeping that personal data secure, which has resulted in regulations like the NDB scheme.

The financial penalties for failing to comply with the NDB scheme or GDPR can be significant, but the potential damage from resulting loss of trust in an organisation’s brand may be far greater.

Organisations need to apply a comprehensive approach to marketing and data management to protect their business and its customers. Teradata has identified six privacy requirements that can help organisations comply with customer rights:

  1. Consent management. Requests for consent must be simple to understand, clearly requested, and as easy to give as to withdraw. Active opt-in marketing can help organisations give proper consent power to customers and let them be certain that they are actively opting in.
  2. Security. An organisation’s data is under constant attack, internally and externally. To ensure individuals’ data is protected, the GDPR requires that all personal data is secured by encryption, whether at rest or in transit.
  3. Data minimisation. The regulation specifies that personal data collected be “adequate, relevant, and kept no longer than necessary for which the personal data are processed.” Organisations must eliminate outdated and irrelevant data to remain compliant.
  4. Portability. Customers have the right to export their personal data in an encrypted format that can easily be imported into a different IT environment. However, this can have huge implications in big data ecosystems. Organisations should ensure that personal data can be exported in a structured and commonly used format to avoid any problems.
  5. Stay informed. Data and analytics have become essential to all organisations and have a critical impact on marketing decision-making. Customers have the right to request and be shown how and why they were targeted for a specific marketing campaign.
  6. Right to be forgotten. Organisations need to give customers the right to opt out from receiving marketing communications, to have their personal marketing data anonymised, and to refuse to let their data be analysed at any time.

The capabilities needed to meet these requirements overlap strongly with those needed to comply with the Australian Notifiable Data Breaches scheme, and they greatly reduce the risk of a breach occurring.

Landa says, “GDPR compliance including robust security should be viewed as a foundation for success in today’s digital environment.

“Taking an early and proactive stance toward compliance with GDPR and Australia’s NDB scheme can help organisations improve their marketing and data management systems, and help them achieve competitive advantage.”
