Ask a company which role or team is ultimately responsible for ensuring data protection or data security, and they often cannot give a single, clear answer.
Data protection is inherently a cross-functional problem, but different parts of the organisation are focused on different priorities, and rightly so.
Data security and governance too often fall between the cracks, not truly belonging under the CTO, the CIO, business units, or even the CISO or the compliance team.
Most organisations suffer from both technical and operational shortcomings that hamper their efforts at data protection. To address this situation, responsibility for implementing data security and governance should belong with those who own the applications that use the data.
Organisations should empower application owners and the development teams that support them with solutions that enable them to quickly incorporate security and compliance at the same time. Crucially, given the nature of today’s increasingly virtualised computing environments, this must be achieved through security at the code level.
This approach builds enterprise value because it not only protects the organisation from data breaches and compliance failures, but also enables personnel across many functions to improve innovation and competitiveness.
For additional reading on this subject matter, get the ‘Data Protection Is Everyone’s Job So It’s No One’s Job’ eBook here: