
GDPR 1 big thing: Develop experience driving cross-functional privacy initiatives such as GDPR, CCPA or other compliance frameworks.

The big picture: Ensure there is a strong understanding of, and involvement with, security- and privacy-related regulatory compliance, such as FISMA, HIPAA/HITECH, GDPR and EU-US Privacy Shield.

Why it matters: Make sure the cyber security and compliance analyst is responsible for auditing existing IT systems and assisting in the evaluation of new IT systems for both security and compliance with existing and future regulations, including GDPR, CCPA, HIPAA and SOX.

The backdrop: Assemble, cleanse, analyze and make sense of complex data sets that meet functional and non-functional requirements across engineering, product development, privacy and legal.

What to watch: Review and revise a variety of agreements relating to data privacy, including vendor and customer agreements, and provide privacy subject matter support for customer agreements and vendor management.

On the flip side: Develop experience in the context of a data protection or data privacy compliance group, or take part in consulting engagements that support data privacy compliance for a client.

How it works: Collaborate with wholesale privacy partners to enhance the program and align where appropriate; develop working groups, with priority, to address cross-LOB issues and drive consensus resolution.

What we’re hearing: “Implement processes for Privacy by Design, GDPR, CCPA and other applicable privacy laws to ensure that data use meets established regulatory compliance needs from commencement of product development.” Wayne H. – Development Assistant, Social Sciences

What they’re saying: “Lead the development and evolution of your privacy strategies, policies and practices, and be responsible for your compliance with data privacy regulations around the world.” Kevin D. – Privacy Specialist

Meanwhile: Experience using industry standards and frameworks, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR, is desirable.

Be smart: Invest in maintaining the privacy program operating model; support key data privacy processes such as DPIA execution, Privacy Inventory, Data Subject Rights request response, client inquiries and privacy complaints.

Go deeper: Provide legal guidance, support and advocacy to legal and business stakeholders as a change agent to facilitate implementation of critical privacy compliance projects and related process, product or service enhancements.

State of play: Make sure your workforce is overseeing the IT risk posture of your organization's systems and information assets and ensuring you are following accepted standards, including NIST and GDPR.

The bottom line: Guarantee your company leads data governance to ensure data is available, accurate and compliant, including monitoring and auditing quality and ensuring compliance with data privacy regulations.

What’s next: Establish data content discovery, content file classification and tagging solutions, and operational practices that track and manage the risk of data content loss/leakage or unauthorized use of or access to regulated/high-value data, and that minimize the risks of data security and/or data privacy breaches.

ICYMI: Manage and/or coordinate with other Legal team members on open source and IP issues, labor law issues for your contingent workforce, and privacy-related issues (HIPAA, GDPR, CCPA, etc.).

