DPG's Position on Data Protection
Data Protection is a requirement of growing importance for all organisations and where a previous position of apathy or tick box compliance may have been acceptable, the volume and impact of data breaches has accelerated the focus on this area from vague interest to critical importance. The belief that "cyber" is the only factor when looking to protect data is both short-sighted and dangerous. An organisations data protection ecosystem is assembled from a multitude of business operations and processes and whilst cyber-attacks and technology are a critical part of data protection it is something far older and far less reliable which has perhaps the greatest impact on data protection; PEOPLE.
The interface between people and data permeates throughout business operations and plays THE most important role when looking at the overall data protection effort. Whether that might be a decision to create or use data, the configuration of technology to protect data or the approval of a policy which controls business operations, the impact of human decision making is the starting point in understanding how well an organisation protects information.
With much focus on technology and the promotion of “Cyber”, DPG believes that organisations are focusing on the threat vector of potential attacks rather than looking at reducing vulnerabilities which permit such attacks. This focus on technology alone is only addressing one part of the overall defence landscape and leaves many holes which can easily be exploited and lead to data breach.
The data protection challenge for organisations is enormous. To even understand how data is captured, stored and used is a significant challenge. The complex structure of an organisation can take months to fully understand and business operations often deviate from policy documents. How do we assess risk in processes which interact with multiple different entities and change and flex to differing business environments? From a technology perspective the network and infrastructure has been designed and maintained in an organic way and even knowing what technology exists is a problem. Add different working practices such as home workers and mobility and overlay the increase in motivation and threat capability of aggressors, is it any surprise that most businesses are struggling to maintain data integrity?
So given this, Where do you start? Who do you speak to? Who do you trust?
The DPG Pathfinder process was developed in conjunction with leading risk management experts and thought leaders in a wide range of fields all of which impact on data protection. Stepping away from the technology and looking at business processes and human factors, DPG developed the Pathfinder software which is a data capture tool used to interrogate business operations, including those which may not have an obvious impact on data protection. The scope includes the entire data ecosystem extending to third parties or partners, to question and review how they perform their roles when overlaying a data protection requirement . Incorporating the physical, technical and general business environment, the DPG Pathfinder software delivers an immediate view on critical business exposure where data protection is concerned.
The DPG Pathway Report breaks the task of improving Data Protection performance into manageable and measurable activities including all operational teams to ensure that Data Protection is viewed as an organisation wide responsibility, NOT the task of one person or one department. If a corporate is to promote “Privacy by Design”, data protection must cascade throughout each and every business operation. By following the DPG Pathfinder process, you will not only identify immediate areas of concern, you will develop your own roadmap (Your Pathway) to match your business environment against your risk appetite, threat landscape and of course, budget.
Your Pathway will help you meet regulatory compliance, protect the brand, make the complex world of data protection much easier AND help you with resource and budget management.
Are you concerned about how your business would stand up against a data protection audit?
If so, this is for you.