Data protection tips for corporate compliance leaders
Written by Rebecca Herold   
Thursday, 08 October 2009 08:37

As technology evolves, the number of breaches continues to grow, and the methods of committing crime using business information and personally identifiable information (PII) increase, there are going to be more data protection laws and regulations. It is no longer practical for compliance practitioners to depend upon following checklists for their compliance activities. Instead, compliance practitioners must first understand the basics of data protection, how their applicable compliance directives apply to their own unique organizations, and the realities and feasibility of implementing specific controls to address as many compliance requirements as possible within their own business environment.

It is good to take a step back and consider what it takes to be in compliance with data protection requirements. Compliance is generally and widely defined as following a set of rules. The rules can be in the form of laws, regulations, standards, contractual requirements, policies, and oftentimes procedures. Most organizations must comply with a large, and growing, number of requirements from multiple authoritative bodies. The challenge for those who must implement the requirements is having to be compliant with so many rules and the corresponding amount of overlap found within each of the compliance directives. The challenge for compliance professionals is how to check for compliance with so many different compliance directives.

Multiple regulations, laws, standards, and other compliance directives use differing terminologies and differing levels of protection requirements. Trying to maintain a one-to-one relationship between each legal compliance requirement would quickly prove not only inefficient but would also result in risky gaps and frustrating overlaps.

This article is available from SearchSecurity.

 
