A. S. Pillai, the Sr. General Manager at DG Business, speaks about data security and compliance
How has the need for data security and compliance changed over the past year?
Post-pandemic, data security and compliance have become the topmost priority for organizations, considering more than 60% of the workforce is working remotely. This has forced businesses to adopt much stronger security measures and to improve their security posture by redefining the policies around how data is being stored and shared within and outside the organization.
Many companies had to strengthen their virtual private networks (VPNs) and Cloud-Based End-Point Protections to better secure this surge of remote workers. Now, many are looking ahead to a year filled with uncertainty, strict regulations, and compliances. So, we can expect changes in 2021-22, and these will become the new normal for data security and data privacy.
What are the best-practice standards and frameworks that can help companies achieve and maintain data security and compliance?
Data protection regulations around the world have seen a major shift to implement data privacy and integrity. More than 60 jurisdictions around the world have enacted or proposed a privacy or data protection law, including the EU, Brazil, Japan, Thailand, and the U.S.:
- General Data Protection Regulation (GDPR)
- California Privacy Rights Act (CPRA)
- California Consumer Rights Act (CCPA)
- UAE: ADGM and DIFC Regulations
Are there any regional data compliance regulations and frameworks, which companies that handle large amounts of public data need to follow?
UAE has some specific approaches to managing data localization laws. UAE data localization laws:
Data Protection in UAE is governed by federal laws and regulations from UAE Central Bank & Telecommunications Regulatory Authority (TRA). These UAE Federal Laws and regulations contain various provisions concerning privacy and the protection of Personal Data.
It’s important to ensure that the level of best practices and data compliance controls implemented can provide an adequate level of regulated data protection. Organizations should look now at how they collect, store and use regulated data in UAE and ask themselves how they can comply with the local laws by taking adequate measures to protect their data.
What according to you are the five tips that companies need to follow to comply with data security regulations?
First of all, every organization should know the data privacy law of the land and follow it. If not, then use any global standard like GDPR or NIST guidelines for data privacy. Knowing where data is and where it’s going, and using encryption across the board.
Secure personal data across the enterprise—and beyond—against data breaches and inadvertent disclosure. Protecting data in the cloud and creating a compliant process for securing and deleting information over there. Educating employees and other stakeholders at all levels, like customers, partners, vendors, and so on. Creating organization privacy policies, following global standards such as GDPR and NIST guidelines.
Many countries have passed their own version of data protection laws recently. How does your company help its clients with securing their data and staying compliant?
Do you believe the line between data security and data privacy has started blurring?
Although data security and data privacy overlap, they are two different aspects of the business. Data security is about confidentiality, integrity, and availability, which ensures that the information is stored and protected in compliance with the standards and governing laws, whereas data privacy is to ensure personal information is accessed only by the individual in an authorized manner. Data security and privacy will co-exist, while there will be overlaps, particularly in the area of protection of personal information.