CCPA, GDPR, Smart Data Discovery, and Compliance: ASAP


If you’re one of those people who thought that rules like the European Union’s General Data Protection Regulation (GDPR) would never affect you or your company, you need to start rethinking that now.

When it comes into effect in January 2020, the California Consumer Privacy Act (CCPA) will take its place as the American equivalent of GDPR. The CCPA was written to give citizens of California the right to know what categories of personal information a business has collected about them and their children, as well as whether and to whom this personal information has been sold or disclosed. And even if you’re not based in California, the chances are extremely good that your company will be affected by its provisions: your company probably has customers or employees based in the Golden State.

It’s not going to be easy, or something that you can just quickly execute before the deadline. You need to begin your efforts now if you haven’t already done so. Starting off, you need to know what Personally Identifiable Information (PII) and sensitive data are under your control. “The potential penalties from violating CCPA could easily run into millions of dollars,” says Oksana Sokolovsky, CEO at Io-Tahoe. “An overall regulatory compliance solution enables firms to move away from a reactive position and get a handle on what sensitive data they have, where it is located, and why they have it. Without understanding this critical foundational component of the enterprise landscape, the required policies and controls to protect data cannot be put in place.”

To comply with the CCPA and the regulations sure to follow it, your business needs automated smart data discovery and an AI-driven data catalog, with full relationship mapping, data flow discovery, redundant data detection, and, most importantly, sensitive data detection. Your organization needs a data regulation compliance strategy now, and it has to include an automated solution for detecting PII and sensitive data.

While it’s essential to comply with the law, and while many will grumble about this as a “gotta do,” you have the opportunity to regard CCPA (and GDPR) compliance as a potential strategic advantage for your company. If you understand how to leverage compliance efforts for business advantage, the steps you take to protect your company’s sensitive data can add value in a number of ways, including:

  • Simplified reporting: Auditable processes for data asset assessment and classification simplify compliance reporting;

  • Automated monitoring: Discrete specifications of data sensitivity enable automated application of data protection policies;

  • Risk reduction: Knowledge of the data landscape improves the ability to apply data protection controls (such as encryption and masking);

  • Data awareness: Knowledge of the “hidden” areas of the data landscape provides insight into corporate operations and business opportunities; and

  • Customer trust: Demonstrating auditable processes for protecting personal and private data builds trust with your customers.

One hugely important caveat: you must not try to do this manually. You simply have too much data already under your control, across multiple databases in multiple locations. Think about it. “Joe Smith” may exist in a marketing database, an accounting database, a customer service database, and more. One or more branch offices may have a separate record about Joe, aside from those residing in your central location. If Joe decides to exercise his “right to be forgotten” and demands that information about him be deleted, you’re required to find ALL of his records.

You need to implement a smart data discovery strategy. Smart data discovery can help you find all versions of the data — even data you didn’t realize was under your control, across multiple locations. And once you know what you have, you have taken the first step in the compliance journey.
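As an added illustration (not code from this article or from Io-Tahoe), the Python sketch below shows the two discovery tasks the preceding paragraphs describe: detecting sensitive columns by value patterns across data stores with inconsistent schemas, and locating every copy of one data subject's record so a deletion request reaches all of them. The data stores, rows and patterns are constructed sample data.

```python
import re

# Constructed sample data stores (not real data): marketing, accounting and a
# branch office, each with its own column names, all holding "Joe Smith".
DATASTORES = {
    "marketing": [
        {"id": 1, "name": "Joe Smith", "email": "joe.smith@example.com", "segment": "gold"},
        {"id": 2, "name": "Ann Lee", "email": "ann@example.com", "segment": "silver"},
    ],
    "accounting": [
        {"cust_no": "A-17", "full_name": "Joe Smith", "phone": "555-0142", "balance": 120.5},
    ],
    "branch_west": [
        {"ref": "W9", "contact": "JOE SMITH", "contact_email": "JOE.SMITH@EXAMPLE.COM",
         "ssn": "123-45-6789"},
    ],
}

# Value-level patterns applied to every column, so PII is found even where the column name gives no hint.
PII_PATTERNS = {
    "email": re.compile(r"^[\w.+-]+@[\w-]+\.[\w.-]+$"),
    "ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "phone": re.compile(r"^\d{3}-\d{4}$"),
}

def classify_columns(rows):
    """Return {column: pii_type} for every column whose values match a pattern."""
    found = {}
    for row in rows:
        for col, val in row.items():
            for pii_type, rx in PII_PATTERNS.items():
                if isinstance(val, str) and rx.match(val.strip()):
                    found[col] = pii_type
    return found

def _norm(value):
    # Collapse whitespace and case so "JOE SMITH" and "Joe Smith" compare equal.
    return " ".join(str(value).split()).casefold()

def find_subject_records(stores, name=None, email=None):
    """Every (store, row) holding the subject's name or e-mail in any column,
    so a deletion request reaches ALL copies of the record, not just one."""
    keys = {_norm(k) for k in (name, email) if k}
    hits = []
    for store, rows in stores.items():
        for row in rows:
            if any(_norm(v) in keys for v in row.values() if isinstance(v, str)):
                hits.append((store, row))
    return hits
```

Running `classify_columns` over each store builds the sensitive-data catalog; `find_subject_records(DATASTORES, name="Joe Smith", email="joe.smith@example.com")` returns the three copies of Joe's record, including the branch office one stored in upper case.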

One other piece of advice: don’t assume that the drive toward enhanced privacy regulations will stop with the CCPA. Legislators in nine additional states have introduced draft bills that would impose broad obligations on businesses to provide consumers with transparency and control of personal data. If passed, these laws will impact nearly any type of entity that operates in the state, even if the business has no physical presence there.

In short, your course of action is clear: get moving. Now.



Opinions expressed by DZone contributors are their own.
