Monday, April 19, 2021
"Even for the most prepared, COVID-19 likely threw a wrench in payment providers' data privacy and security plans," Forsyth said in an interview with The Green Sheet. "Many were ill-equipped for the transition to remote working, especially when it came to keeping customer data secure."
Forsyth advised companies to take a strategic approach to privacy compliance that considers in-office and remote workers. Whether in-office or remote, data privacy and compliance plans should span all levels of an organization and allow enough time for a comprehensive review process, he stated.
"It is important to understand how your company collects and uses data," Forsyth said. "This can be accomplished by using a data map showing where data comes in, how it is used, where it is stored, and for how long. Should a regional data privacy regulation be passed, this can help with disclosure requirements and identify potential data security risks."
Following are additional recommendations:
Forsyth observed that £245.3 million worth of fines have been imposed in Europe and 160,921 personal data breaches have been recorded since May 2018, when the GDPR went into effect, according to data from DLA Piper. Despite these examples and continual reminders about GDPR, numerous companies were ill-equipped to handle the change and were fined, he noted.
While fines assessed on companies such as Google and Marriott Group gained global attention, small and midsize enterprises were also impacted by non-compliance, Forsyth noted. He recommended implementing compliance plans early, even in regions without data privacy regulations, to avoid costly lawsuits and to be prepared when a national data privacy regulation is inevitably passed.
Be especially vigilant about remote employees, those returning to the office after the shutdown and any temporary employees who may be using your systems, he added. "When it comes to implementation, the worry shouldn’t be so much about being creative as getting up-to-speed quickly and securely," Forsyth said. "Since GDPR was implemented, the top five largest fines were not related to complicated data breaches, but poor practices that an organization could have easily solved had it done a comprehensive security audit across its business."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.