登录查看更多内容

How can you align data governance with GDPR, HIPAA, and ISO?

由人工智能和领英社区提供技术支持

Data governance is the process of managing the quality, security, availability, and usability of data in an organization. It involves defining roles, policies, standards, and procedures for data collection, storage, analysis, and sharing. Data governance is essential for complying with various regulations and standards that aim to protect the privacy, confidentiality, and integrity of data, such as GDPR, HIPAA, and ISO. How can you align data governance with these frameworks and ensure that your data practices are ethical, legal, and effective? Here are some tips to help you.

此文章中的业界达人

由社区从 2 条内容中精选。了解更多

1 Understand the requirements

The first step is to understand the specific requirements and expectations of each framework that applies to your organization. GDPR is the European Union's regulation that governs the processing of personal data of individuals in the EU and the EEA. It grants data subjects various rights, such as access, rectification, erasure, and portability of their data, and imposes obligations on data controllers and processors, such as obtaining consent, implementing security measures, and reporting breaches. HIPAA is the US federal law that regulates the handling of protected health information (PHI) by covered entities and business associates in the health care sector. It establishes standards for privacy, security, and notification of PHI, and requires compliance with the HIPAA Privacy Rule and the HIPAA Security Rule. ISO is a family of international standards that provide guidelines and best practices for various aspects of data management, such as quality, security, risk, audit, and governance. ISO standards are voluntary, but they can help organizations demonstrate their commitment to data excellence and compliance.

添加您的观点

2 Define your goals and scope

The next step is to define your goals and scope for data governance in relation to each framework. What are the benefits and challenges of complying with each framework? How does each framework align with your business objectives and values? How does each framework affect your data stakeholders and processes? How much data do you need to collect, store, analyze, and share to meet each framework's requirements? How do you measure and monitor your data performance and compliance? You should answer these questions and establish clear and realistic goals and scope for your data governance program.

添加您的观点

3 Design your data governance framework

The third step is to design your data governance framework that supports your goals and scope and aligns with each framework. A data governance framework is a set of principles, policies, roles, responsibilities, processes, and tools that guide and enable your data activities. Your data governance framework should address the following elements: data quality, data security, data privacy, data ethics, data lifecycle, data architecture, data standards, data roles, data policies, data procedures, data metrics, data audits, and data improvement. You should design your data governance framework in a way that ensures consistency, transparency, accountability, and compliance across your data domains and functions.

添加您的观点

Merrill Albert

Enterprise Data Leader, Data Governance Officer, Data Thought Leader, Chief Data Officer, Fractional Governance, Data Evangelist, LinkedIn Top Data Governance Voice, creator of #CrimesAgainstData
举报内容
I would actually recommend flipping this. First should come the data governance infrastructure and second should come the alignment with GDPR, HIPAA, etc. By doing it that way, you're establishing a structure that you grow as you add on to it. As new regulations come along, you have the people identified who will need to understand and comply with the regulations, you have the templates in place to add new processes around these regulations, you have a regular communication process in place, etc.

已翻译

赞

4 Implement your data governance framework

The fourth step is to implement your data governance framework in your organization. This involves communicating your data governance vision and values to your data stakeholders, assigning and training your data roles, applying and enforcing your data policies and procedures, deploying and integrating your data tools and systems, collecting and validating your data sources, securing and protecting your data assets, analyzing and reporting your data insights, and reviewing and improving your data practices. You should implement your data governance framework in a phased and iterative manner, starting with the most critical and sensitive data areas and processes, and expanding to the rest of your data landscape.

添加您的观点

5 Monitor and evaluate your data governance framework

The final step is to monitor and evaluate your data governance framework and its alignment with each framework. This involves measuring and tracking your data metrics and indicators, such as data quality, data security, data privacy, data ethics, data value, and data compliance. You should also conduct regular data audits and assessments to verify and validate your data activities and outcomes, and to identify and address any gaps, risks, or issues. You should also solicit and incorporate feedback from your data stakeholders, such as data subjects, data users, data providers, data regulators, and data partners, to ensure that your data governance framework meets their needs and expectations. You should also review and update your data governance framework as needed to reflect any changes or developments in your data environment, such as new data sources, data technologies, data regulations, or data standards.

添加您的观点

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Naresh Gudla, PMP?,SAFe?,CSM?,ITIL?,SRE

2x Top Community Voice on LinkedIn 2023, Release/Change Management, Operational & Delivery Management using lean & Agile, Service Delivery (ITIL, SRE), Technical Program/Project Manager,Data Governance, Data Management
举报内容
Devising a data governance framework is a continuous process and it should be flexible enough to accommodate any regulations, compliance, etc. Understanding the regulations and standards and then bringing them into the framework is an interactive process. A few considerations to be thought out are: 1) Data Encryption criteria 2) Data Storage, Retention, and archiving process. 3) Data Identification, classification, and Mapping according to their sensitivity and relevance. 4) Regular auditing and having a designated team to tackle all the compliance use cases are needed. 5) Data Privacy SME's Bringing in these dimensions, helps to align the data governance to GDPR, HIPPA etc.

已翻译

赞

Data Governance

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you align data governance with GDPR, HIPAA, and ISO?

1

2

3

4

5

6

1 Understand the requirements

2 Define your goals and scope

3 Design your data governance framework

4 Implement your data governance framework

5 Monitor and evaluate your data governance framework

6 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

更多Data Governance相关文章

更多相关阅读内容

How can you align data governance with GDPR, HIPAA, and ISO?

1

2

3

4

5

6

1 Understand the requirements

2 Define your goals and scope

3 Design your data governance framework

4 Implement your data governance framework

5 Monitor and evaluate your data governance framework

6 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

查看其他技能