(Newswire.net — August 6, 2020) — What is the first thing that comes to mind when you hear news of a data breach? For some people, first thoughts point right to leadership. Some of us wonder how an organisation’s leadership and management teams could allow such a breach to take place. Suffice to say that it is interesting to be in a top management position in the era of data protection.
We have been cognisant of the need for data protection from the earliest days of the internet. Still, it took a couple of prominent data breaches before the private sector took any concrete action to stop them. Then the government got involved as well. Through the late 1990s and into the early 2000s, data protection legislation was passed around the world.
One of the more recent and prominent pieces of legislation is the EU’s General Data Protection Regulation (GDPR). It forces organisations to institute and practice set procedures for the protection of data belonging to consumers who reside in the EU and the European Economic Area (EEA).
-
Leaders Are Proactive
In light of both massive data breaches and the implementation of the GDPR, leadership and management in the data protection era must be effective for the protection of all stakeholders. This dictates that, first and foremost, leaders must be proactive. They cannot wait for something bad to happen before deciding to take action.
Leaders anticipate problems; they know that simply doing nothing is inviting disaster. Thus, leaders with an eye on data protection will work with experts who specialise in consulting in GDPR projects. They will ask for audits; they will work with the management team to write comprehensive policies; they will ensure said policies are implemented and followed.
-
Leaders Learn from the Past
A good leader in any arena understands that he or she does not know everything. As such, true leaders learn from the past. They look back on past examples of success and failure. They build on both. Most importantly, they are as attuned to the past as they are to the future. They do not allow the desire to be on the cutting edge to blind them to past mistakes.
In the data protection era, past data breaches should be all the motivation leadership teams need to comply with the GDPR. For example, one of the provisions of the GDPR requires that organisations only collect that data which is absolutely necessary for them to have – nothing more.
This provision protects consumers to some extent in the event of a breach. The less customer information an organisation has in its systems, the less information is available to be breached.
-
Good Data Management Is Sound
It should be obvious that an organisation’s leadership team, while ultimately responsible for data security, does not directly handle the day-to-day management. However, this does not excuse the reality that good data management is sound management. In other words, good management is based on sound policies that are not deviated from.
This is an area in which regular data protection audits are especially important. For data management to remain sound, an organisation needs to know how it is doing at regular intervals. Running an audit provides a detailed picture. How often an organisation audits is a matter of preference. However, annually would be the bare minimum. Quarterly would be better.
Furthermore, data management policies must be written with two things in mind: compliance and evolution. The idea of compliance is self-explanatory. Policies must comply with existing regulations. In terms of evolution however, policies will gradually change over time to account for how technology changes.
-
Management Is for the Consumer’s Protection
Underscoring the entire issue of data protection is consumer privacy. The GDPR and other regulatory regimes do not exist to benefit businesses and other organisations. They are the ones collecting and processing data. No, the regulations exist to protect consumers. Good management accounts for this.
In the data protection era, leadership teams implement management policies that go out of the way to protect consumers. They make it easy for consumers to access their own personal information at a moment’s notice. They make it easier for consumers to understand their rights. And when asked to erase data completely, the organisation responds without question.
An attitude of putting the consumer first ultimately pays off for the organisation. How so? By creating an organisational reputation of genuine care and concern. Organisations capable of demonstrating they truly care about their customers earn loyalty from those customers. That can only be good.
We talk a lot about leadership and management in the modern business environment. Unfortunately, few of those discussions ever broach the topic of data security. It is time we change that. Data security is at the very core of how organisations relate to their customers. If organisations cannot demonstrate the ability or the desire to comply with data protection regulations, they stand to lose more customers than they gain.