DATA COMPLIANCE
Mustafa Qizilbash
Author, Data & AI Practitioner & CDMP Certified, Innovator of Four 4s Formula, DAC Architecture, PVP Approach
Data Compliance is often confused with Data Quality and Data Integrity, which is understandable, as all these terms share some common features for ONE GOAL, i.e., Data Protection.
Data Compliance means following certain regulations and standards of Data Security, Data Privacy and Data Integrity, set by different Regulatory Bodies around the World, to protect sensitive data and to make data available in certain ways.
Regulatory Bodies set CERTAIN Data Security, Data Privacy and Data Integrity standards, but not all of them. So, having only Data Compliance measures in place will not protect data 100%; there are many other standards covered under Data Security, Data Privacy and Data Integrity which any organization is required to have in place.
Common Regulatory Bodies Frameworks
We won’t be going into the details of the regulatory bodies, such as what is required by each, but for the audience, let me mention the most famous ones here.
● GDPR
● HIPAA
● PCI DSS
● SOX
● CCPA
● CMMC
How Do You Ensure Data Compliance?
● Conduct regular periodic reviews to set the latest measures for data protection
● Maintain all the data protection measures and all the audit procedures
● Assign a SPOC (single point of contact) or a department to host and maintain data security and compliance standards
● Always use commonly used Frameworks
Please note, regulatory policies, procedures, workflows, and operational requirements differ between countries. It is very important to understand that one needs to follow the law of the country where the data is generated. Accessing data across borders raises Data Sovereignty concerns.
Cheers.
Data Governance/Management Leader | DAMA President Poland | Data Governance Officer | SAFe | CDOs & CIOs Committee Member at the Data Economy Congress Poland | BCBS239 | RDA&RR | GDPR SME
2 years
If we want to see the Data Compliance challenges then it is necessary to look into the financial sector as these regulations are heavy, but perfect guidance like BCBS239, CRR, TRIM, etc. and each country has more of its own ones to assure that the data are under control.
Senior Advisor, Asset Information Management
2 years
If we define "compliance" as "meeting the specific requirements of an authority", then data compliance serves multiple purposes. Data requirements can originate in jurisdictional laws (i.e. SOX), governing body regulations (i.e. GDPR), standards (i.e. various ISO), policies (i.e. organization-specific), /contracts/ (missing in the above description), business rules (i.e. needs to support business operations), solution designs (i.e. needs to support implementation and integration), and so on. Some compliance requirements are external, some are internal. Some are mandatory, some are optional / opportunities.
information security | Management Systems: Quality (ISO 9001) | Information Security (ISO 27001 | NEN 7510) | Data Quality (DAMA-NL DQMS)
2 years
Data compliance is just one of the many dimensions of data quality.