Sponsored by:
< Back to Playlist
< Previous
Next >
3

Data Compliance in The Digital Era

Foundry

An enterprise data protection plan should go beyond securing and regulating data access to encompass tools for automating the creation, duplication, classification, retention, and deletion of all data types. In most cases, plans also need to accommodate a growing number of regulatory requirements.

Data compliance in the digital era grows more complicated by the day due to the exploding volumes of data organizations collect and the constantly changing regulatory environment. Governing bodies worldwide issue new regulatory alerts an average of once every seven minutes, and large companies say the average cost of remaining in compliance now runs to nearly $10,000 per employee.

Regulatory burden grows

As the volume of regulations increases so does the scope. For example, 71% of countries now have data protection and privacy rules in place, a relatively new development that challenges organizations that work across borders. Some jurisdictions also dictate where data may be physically stored (data sovereignty), how it is protected, how long it must be retained, who has access to it, and the conditions under which it may be exposed. More than 120 new district tax regulations were imposed in the U.S. during the first six months of 2021 alone. Even small companies that do business online may have hundreds of regulations and changes to monitor.

The challenge of maintaining regulatory compliance has been elevated by the proliferation of data throughout the organization, particularly in remote work scenarios. Cloud storage, software-as-a-service applications, and data stored on individual desktops and mobile devices are all potential vulnerabilities.

Automation needed

A data protection plan protects against compliance violations by mapping policies to regulatory rules and automatically applying policies when those rules change. A plan backed by sophisticated data protection tools can protect organizations against many compliance violations by automating the management of regulated data.

Data protection begins with a comprehensive audit that identifies the types of data the organization owns, assigns sensitivity levels, and applies automation to manage data according to policies. The audit enables organizations to clean up their information assets by getting rid of redundant, obsolete, and trivial (ROT) data. A data inventory also enables organizations to more quickly respond to compliance requests and verify that necessary compliance measures are in place by making it easy to find regulated information.

A modern data compliance and governance suite can discover and classify data across a wide range of applications and devices, both on-premises, in the cloud, and even in connected devices in employee homes. It can identify high-risk data wherever it is located and archive it in a full-threaded conversational context to simplify responses to regulatory requests. The solution can also reduce costs by identifying ROT and either deleting it or moving it to archival storage.

A complete solution also reduces costs by automating manual data management tasks. For example, many regulations specify mandatory data retention guidelines or the length of time the data must be retained before deletion. Failure to comply with these rules can expose an organization to significant legal liability, particularly when personally identifiable information is involved.

A data protection solution can classify at-risk data, manage access privileges, and store data in designated locations to comply with sovereignty rules. It can even be configured to automatically delete data once it reaches the expiration point specified by regulations.

Data volume growth shows no signs of abating. Organizations that put technology in place to automate the classification and disposition of data will be better positioned to accommodate that growth without the risk of running afoul of regulators.

< Previous
Next >