The EU General Data Protection Regulation (GDPR) is the most significant piece of privacy legislation to come into effect across Europe in a generation. Cloud-computing strategies have changed significantly to meet its requirements.
Data Storage: Visibility of data storage locations is a challenge because of the volatility of data. Data may be transferred from one location to another regularly or may reside in multiple locations at a time.
Retention of Data: Personal data must not be stored longer than needed for the predefined purpose. Multiple storage locations, data deletion from backups and an inadequate retention policy could result in a probable breach.
Data Flow Mapping: Organizations need to map/trace personal data flows (stored, used and transmitted). With the advent of newer technologies, an increasingly mobile workforce and the adoption of cloud infrastructure, data is now more distributed than ever.
Data Security: With cloud computing, there is a paradigm shift in the way an organization protects its data. Accidental or unlawful destruction, loss or disclosure is also considered a breach. Controls need to be defined to protect confidentiality, integrity, availability, authentication, authorization, accountability and privacy.
Data Processing Agreements: Third-party risk management needs to cover breach response and its management, data ownership, segregation of data, right to audit, privileged access and log monitoring.
The draft bill on data privacy is pretty much in line with the EU GDPR (General Data Protection Regulation). Organizations now need to gear up and align their business strategies considering data privacy law.