The globalisation of data transmissions (i.e. the collection, processing, use, storage and dissemination of data) creates tremendous opportunity but also poses ever-increasing risks. To protect against the constantly evolving threat, countries around the world are devising and adopting data protection laws. As a result, liability for cyber-security has become a front-burner risk concern in boardrooms everywhere. Cyber-attacks, data breaches and poor information protection can have a significant impact on an organisation’s operations and reputation and, in case of violations of data protection rules, may be met with severe punitive sanctions. The prevention of breaches and the enforcement of strict adherence to legal and regulatory requirements can no longer be voluntary. It is an imperative.
The newly adopted legislative package on data protection is broad and complex. The core element of the package, the General Data Protection Regulation, not only lays down precise rules with regard to data processing authorisation but also mandates organisations to carry out Privacy Impact Assessments on their information systems, to maintain a detailed record of all data processing activity and to implement some form of data minimisation in their data processing infrastructures.
Moreover, companies that process data – which indeed they all do – do not operate in a vacuum and data security is only ever as strong as the weakest link. Whoever possesses the data upstream and downstream in the chain jointly determines data security.
Duthler Associates has developed an elegant approach to minimise cyber-risk and ensure compliance with evolving data protection legislation. Their accountability-based mechanism sets up ‘accountability relationships’ – contractual arrangements between data controllers and data processors to mitigate or reduce liability risk – and provides a clear, transparent and verifiable view into the data protection processes of each individual contracted partner. A best practice application of the statutory and regulatory requirements, Duthler’s approach provides a trusted mechanism for contract control and conclusion that ensures compliance, avoids risk of harm and permits a rapid response to any misuse. All in all, it is a thoroughly well-thought-out system that participants can trust to provide a reliable solution – as far as that is possible – for their data security concerns. I recommend it for your consideration.
Prof. dr. Hans Franken