There are many ways to be in breach
Any organisation could be an unfortunate victim of sophisticated and deliberate external attacks. Hackers with enough intent can often find a way to exploit the slightest vulnerability within e-commerce websites. However, in reality, the core of GDPR is about the approach to data collection, storage and management – not so much about e-commerce security in the purest sense.
The BA and Marriott breaches barely scratch the surface of what privacy compliance requires from organisations. Although the fines were reduced to a fraction of the original amounts because the travel industry was so catastrophically affected by Covid lockdowns, those original fines concerned just one of many ways to lose customer data, so a holistic approach is needed.
That is why organisations need a broad approach to good information governance and process, not just perimeter cyber-security. While the headlines tend to focus on preventing deliberate theft, you cannot afford to rest on your laurels when it comes to good data management practice across your data estate.
Achieving ‘compliance’ with regulation is a constant mission and aim, not something that can be ticked off, marked complete and put to bed.
So what can you do to strengthen your data security to enable governance, risk management, retention, cybersecurity and compliance with privacy regulations?
Here, we focus on three key areas: