Scott M. Giordano, VP, Data Protection, Spirion
Session P14: GDPR Compliance Post-Mortems: Lessons Learned from Facebook, Uber and Others
September 15, 2019, 10:30 AM – 12:00 PM
GDPR has been in effect for just months, but already tens of thousands of breaches have been reported to data authorities. Scott Giordano, Vice President of Data Protection for Seattle-based Spirion, reports in this podcast that this is a sign that business is taking GDPR seriously.
It also reflects a key requirement of the legislation: the rule requiring notification of a breach – whether by a hacker or even due to a contract violation – within 72 hours. That requirement forces companies to act quickly. It is also a mandate that is spreading, with US laws and regulations increasingly requiring similar notification timelines.
Enforcement has already followed the new legislation. Google ran afoul of CNIL, the French data regulator, over the way in which users provided consent to the use of their data. CNIL concluded it was too difficult for consumers to determine how their data was being used and stored.
In general, Giordano recommends that organizations err on the side of caution. They should take practical steps to ensure that they are handling data properly, starting with asking the basic question: is there any reason to question the integrity of the data in their care?
Businesses need to practice information security 101 – both to safeguard the data and to avoid running afoul of regulators – and to conduct a data inventory and risk assessment.
Finally, looking to the future, Giordano counsels businesses to expect more legislation coming from states across the US. Many have already taken notable steps to ensure that consumer data is protected.
Listen in to help understand how your organization can better meet the challenges of GDPR and the ever-increasing number of data protection laws.