The concepts of data privacy and data security might sound similar, but each involves a totally different set of processes and skills for comprehensive data governance.
Data privacy relates to the protection of PII (personally identifiable information) – payment card details, email addresses, medical data, education, criminal history, etc. Data security, on the other hand, essentially relates to the way organisations protect the confidentiality, integrity and availability of data.
However, they shouldn’t be viewed as separate issues, but managed in an integrated manner – which is easier said than done.
GDPR compliance = data privacy + data security management
The GDPR requires organisations to manage both. Data privacy is impossible without effective data security, which is why Article 32 of the GDPR requires organisations to adopt appropriate technical and organisational measures – including policies, procedures and processes – to protect the personal data they process.
Managing the privacy and security of data is a considerable undertaking, and many organisations – particularly SMEs – are falling severely short of the GDPR’s data protection “by design and by default” principle.
More than 70% non-compliant with the GDPR
Recently, Capgemini surveyed more than 1,000 compliance, privacy and data protection professionals and found that less than 30% believe they’re fully GDPR compliant.
The sheer magnitude of tackling a combined privacy and information security management project is so intimidating that few organisations even know where to start.
Privacy and data security compliance in one
CyberComply is a powerful software platform that helps you manage your data privacy and information security obligations.
It includes tools that help you quickly and efficiently perform critical data protection activities through step-by-step guidance, helping you meet your privacy and security challenges head-on.
- Conduct data protection impact assessments.
- Map your data flows, following the ICO-endorsed process.
- Perform a GDPR gap analysis.
- Conduct a comprehensive risk assessment and apply the relevant controls from libraries of suggested controls.
- Access data security compliance requirements for dozens of UK laws.
- Manage data subject access requests.
- Report and record data breaches with confidence.
- Manage all your activities and create audit-ready reports.
Dashboard views show your top data security risks and, combined with powerful reporting, give you full visibility of all your GDPR compliance and data security activities in one place.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software – Compliance Software Blog authored by Julia Dutton. Read the original post at: https://www.vigilantsoftware.co.uk/blog/70-of-organisations-admit-non-compliance-with-the-gdpr-balancing-data-privacy-and-data-security