Guest post by Conall O’Kane, Modern Workplace Practice Manager, Storm Technology
It’s just over two weeks away. It’s too risky to ignore. Organisations need to move quickly. That is, if they are going to comply with NIS2, which will see many businesses having to review and update their existing policies and systems to ensure data compliance.
Data compliance refers to adherence to laws, regulations, standards, and policies that govern the collection, storage, use, and protection of data. It ensures that data is handled in a manner that meets legal and regulatory requirements to protect privacy, ensure data security, and uphold the rights of data subjects.
Effective data management and compliance is therefore crucial to avoid penalties, protect information and reputation, and build trust with customers and stakeholders. The data compliance imperative has been thrust even more into the spotlight following a series of high-profile incidents and looks set to remain there with upcoming changes to legislation – namely, the revision of the Network and Information Security Directive (NIS2).
Higher stakes
The evolution of the NIS2 directive, introduced by the European Commission, broadens the range of sectors required to comply with data compliance regulations. It will expand to include sectors such as postal and courier services, data centre services, wastewater and waste management, pharmaceuticals, medical devices, and chemicals.
Furthermore, it will see stricter incident reporting requirements, which put the onus on businesses to adopt robust data compliance practices to adequately manage and report security incidents. It also establishes a comprehensive list of technical and process measures for companies to implement, including basic cyber hygiene practices, cybersecurity training, cryptography, encryption, and multi-factor authentication.
Due to these heightened standards, NIS2 will also see sizeable fines for those organisations that do not comply and whose data compliance strategies are not up to standard. In other words, those who neglect NIS2 do so at their own risk, not only in terms of potential financial and legal penalties but also the security of their own data and systems – something which could be catastrophic in the event of a breach.
Better strategies
Being data compliant is not just one element or area. Organisations must conform to legal and regulatory requirements, including international, local and industry-specific data protection laws and regulations. They must also have policies and procedures for data management and governance – spanning data quality, data lifecycle management, and data access controls.
From a privacy and security perspective, measures like encryption and access controls need to be implemented to safeguard personal data from unauthorised access, breaches, and security threats. On the topic of personal information, companies have a responsibility to ensure that individuals can exercise their rights over their personal data, including the right to access, rectify, delete, or restrict the processing of their data.
As is the case with the rollout of NIS2, these requirements and processes are continually evolving. Therefore, businesses need to continually review, monitor and audit their data handling practices to ensure ongoing compliance. Training and awareness among employees are also vital to ensure that best practices for data management and security are adhered to.
Greater strides
While great strides have been made in terms of cybersecurity, more progress is needed, and something as simple as a knowledge gap can significantly increase an organisation’s exposure in the event of an accidental or malicious data breach. In fact, an IT Governance report revealed that some 2,289,599,662 known records were breached in 556 publicly disclosed incidents reported in Europe between January and June 2024.
This shows that if data governance is overlooked – for instance, holding personal data pertaining to staff or customers beyond its statutory retention period – a data breach could expose a business to reputational damage and a financial penalty caused by the initial leak. Moreover, it could also result in a secondary and arguably more serious impact if that sensitive data – which should have been disposed of – is exposed or exploited.
Most organisations are at risk of having their cyber defences attacked through no fault of their own, but leaving data lying around that should have been disposed of is negligent and carries additional penalties, as well as risk. It can also be prevented through robust data lifecycle management. With so many consolidated compliance solutions out there, including Microsoft Purview, there is no excuse for failing to govern, protect, and manage data.
With data being such a valuable and targetable asset in today’s world, and the higher stakes associated with both heightened cybersecurity risks and updated legislation, businesses need to ensure that they have better strategies and are taking greater strides to review and revamp their data compliance approach. Otherwise, the spotlight might shift from the data compliance imperative to the company that falls short of requirements.