In the past, compliance issues were framed around national legislation, like HIPAA, and dealt with concerns about hardware and software. While these legacy issues are still with us, companies must now also maintain compliance across the vast quantity of data they create, particularly in the face of international legislation like GDPR.
Consider the following regulation-related issues and how to address them.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) includes a vast range of new privacy guidelines that went into effect on May 25th. This regulation governs the way an organization uses the information it obtains and how it respects individual privacy. It is wide ranging, affects every aspect of a business, and calls for active management of third-party vendors.
Organizations that gather or use information on Europeans, do business in Europe, or process personal data on behalf of clients are affected by the GDPR. In general, compliance means using personal data only for individuals who have given consent, overseeing vendors, conducting regular audits, and respecting an individual’s right to privacy. Non-compliance can cause a business to lose up to 4 percent of gross international revenue.
Businesses should record their data processing activities and resulting risk, including any applicable privacy issues. There are free tools that can help guide companies looking to comply.
Electronic Data Interchanges (EDI) and vendor management
Handling vendor security and vendor compliance with privacy laws is a massive task and a significant compliance issue. One major challenge comes from Electronic Data Interchange (EDI) and vendor system integration, because each integration is a path by which data leaves the organization’s direct control.
A 2017 report found up to 63 percent of all reported data breaches are related to third-party vendors, with some of the most well-known data breaches originating at a third party.
Internet of Things (IoT)
IoT security standards have fallen behind recently, leaving a large number of potential vulnerabilities in company networks. To ensure IoT systems are fully compliant, companies ought to perform annual penetration testing, and repeat those tests whenever significant changes are made to IoT systems.
Another way to deal with IoT compliance is the sandboxing of IoT devices: placing them in a separate, segmented area of the network restricts unauthorized outside access to sensitive data, so that a compromised device cannot reach systems it has no need to talk to.
Bring Your Own Device
The use of personal devices at work comes with significant security issues for an organization. However, companies can address compliance issues through a robust bring-your-own-device (BYOD) policy supported by technical guardrails. Mobile device management (MDM) tooling can be quite useful because it supplies the capacity to remotely revoke access to specific accounts or wipe a device clean.
Moreover, companies can reduce the risk of sensitive data being stolen from a lost or unattended device by enforcing device locks. Businesses may also want to consider replacing SMS-delivered codes with a time-based one-time password (TOTP) system.
At Thompson Technologies, we fully support all the compliance programs of our clients and stay vigilant for our own compliance responsibilities. If your company is currently looking for a talent acquisition solution, please contact us today to find out how we can be of assistance.