How to enable real-time Privacy Law monitoring for Data Security?
Privacy Law monitoring is a challenge, because data protection tools and IT Security have to stay aligned with the Privacy Program over time.
The traditional way of running a Privacy Program is:
- Assessment in general (IT, processes, etc.)
- Contract reviews
- User Journey reviews
- IT Security review
- Data Protection implementation
At this point, after spending millions, enterprises have a feeling of security, but are they really protected?
Consider the Data Protection implementation as Day 1 of the DPO's ongoing tasks, and think about some scenarios:
- Are the IT assets (databases, servers, etc.) still the same after 6 months or 1 year?
- Does the SIEM know the current assets it should monitor?
- If the SIEM raises an incident, how do you determine whether it is related to the Privacy scope?
- If the development team introduces new bugs into systems, how do you determine whether they affect the Privacy scope and alert the DPO in real time?
- How many new databases or servers within the Privacy Law scope have been added?
- Does the DPO know about, and get informed of, every new demand involving user data?
What do you need to do?
- Create a Privacy Governance mechanism that links business processes to IT assets
- Integrate data discovery tools to find new assets and compare them with your Governance control
- Share your Privacy scope with DLP and CASB tools so that Data Loss Prevention reflects your Privacy Law requirements
- Share your IT asset control with your SIEM to give your monitoring intelligence about Privacy
- Compare your IT asset list with Privileged Account Management tools to check that every in-scope asset is under control
- Compare your IT asset list with vulnerability scans to learn about new and potential risks in real time
- Integrate with your DevSecOps lifecycle to check for Privacy risks in deployments in real time
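The steps above are, at bottom, one reconciliation loop: a governance control says which assets handle personal data, and every other tool (discovery, PAM, vulnerability scanner, SIEM, deployment pipeline) is compared against that control so the DPO sees gaps as they appear. The script below is an added example written for this post, not a tool the author uses; it assumes each source is available as a plain Python list or dict (a real deployment would pull them from the tools' exports or APIs), and all asset names and findings in it are constructed sample data.

```python
"""Privacy-scope asset reconciliation (added example, constructed sample data).

Assumption: each source system's output has already been exported into the simple
Python structures below. Hostnames are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Governance control: business process -> IT asset, and whether it holds personal data.
GOVERNANCE = [
    {"process": "Customer Onboarding", "asset": "db-crm-01", "personal_data": True},
    {"process": "Payroll", "asset": "db-hr-01", "personal_data": True},
    {"process": "Marketing Analytics", "asset": "srv-web-02", "personal_data": False},
]
# Data discovery tool: assets where personal data was actually observed.
DISCOVERY = ["db-crm-01", "db-hr-01", "db-reporting-03", "srv-web-02"]
# PAM vault export: assets whose privileged accounts are managed.
PAM_MANAGED = ["db-crm-01", "srv-web-02"]
# Vulnerability scan: asset -> highest severity finding.
VULN_SCAN = {"db-hr-01": "critical", "db-reporting-03": "high", "srv-web-02": "low"}
# SIEM asset list: assets the SIEM currently tags as in the privacy scope.
SIEM_SCOPE = ["db-crm-01"]


@dataclass
class Findings:
    privacy_scope: List[str]   # assets that must be monitored for privacy
    undocumented: List[str]    # found by discovery but unknown to governance
    misclassified: List[str]   # governance says "no personal data", discovery disagrees
    pam_gaps: List[str]        # in scope but privileged access is not managed
    siem_gaps: List[str]       # in scope but the SIEM does not know it
    privacy_vulns: Dict[str, str]  # in-scope assets with critical/high findings


def documented_scope(governance: Iterable[dict]) -> set:
    """Assets the governance control declares as holding personal data."""
    return {g["asset"] for g in governance if g["personal_data"]}


def reconcile(governance, discovery, pam_managed, vuln_scan, siem_scope) -> Findings:
    """Compare the governance control against every other tool and list the gaps."""
    known = {g["asset"] for g in governance}
    documented = documented_scope(governance)
    discovered = set(discovery)
    # Discovery is the ground truth for "holds personal data", so the effective
    # scope is everything documented OR observed; both kinds of drift are reported.
    scope = documented | discovered
    undocumented = discovered - known
    misclassified = (discovered & known) - documented
    privacy_vulns = {a: vuln_scan[a] for a in sorted(scope)
                     if vuln_scan.get(a) in ("critical", "high")}
    return Findings(
        privacy_scope=sorted(scope),
        undocumented=sorted(undocumented),
        misclassified=sorted(misclassified),
        pam_gaps=sorted(scope - set(pam_managed)),
        siem_gaps=sorted(scope - set(siem_scope)),
        privacy_vulns=privacy_vulns,
    )


def is_privacy_incident(event: dict, scope: Iterable[str]) -> bool:
    """SIEM enrichment: does this event touch an asset in the privacy scope?"""
    return event.get("host") in set(scope)


def deploy_privacy_impact(manifest: dict, scope: Iterable[str]) -> List[str]:
    """DevSecOps gate: in-scope assets a deployment targets (non-empty -> notify DPO)."""
    return sorted(set(manifest.get("targets", [])) & set(scope))


def main() -> None:
    findings = reconcile(GOVERNANCE, DISCOVERY, PAM_MANAGED, VULN_SCAN, SIEM_SCOPE)
    for name, value in vars(findings).items():
        print(f"{name:14} {value}")
    # Constructed SIEM event and deployment manifest.
    event = {"host": "db-hr-01", "rule": "multiple failed logins"}
    print("privacy incident:", is_privacy_incident(event, findings.privacy_scope))
    manifest = {"service": "reporting-api", "targets": ["db-reporting-03", "srv-mail-09"]}
    print("deploy touches privacy scope:", deploy_privacy_impact(manifest, findings.privacy_scope))


if __name__ == "__main__":
    main()
```

Running it with the sample data reports one asset discovery found that governance never registered (db-reporting-03), one asset governance had marked as holding no personal data (srv-web-02), two in-scope assets without managed privileged accounts, three the SIEM is not tagging, and two with critical or high findings; scheduling this comparison against fresh exports is what turns the one-off assessment into the ongoing monitoring the post asks for.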
Any ideas to complement this strategy? Comment here!