Navigating data protection and privacy regulations
provides fully encrypted protocols and advanced
cybersecurity capabilities from the credential and
reader, to the controller and software. All of this
enables secure door control, while ensuring sensitive
information stays within the secured perimeter. That
means you can reduce the risk of data interception
or credential cloning.
Lastly, there's ISO 27001 which is a standard and
certification. Though it's not legally mandatory,
compliance with ISO 27001 can help organizations meet
various other regulations because the recommendations
align well with those outlined in the GDPR, NIS2, and
other similar directives.
Knowing this will help you better navigate expectations
and requirements as new legislation or guidelines
come out.
2. The truth about data governance and geography
More organizations today are adopting cloud solutions
or implementing hybrid-cloud deployments. When
doing that, they question whether they need to keep
data within their own countries to abide by regulations.
Here's the short answer: most data is not covered by data
residency embargos and can, therefore, be legitimately
exported to and handled in other countries, so long as
certain privacy and security measures are put in place.
There are some exceptions to this. For example,
certain types of data handled by the players in highly-
regulated industries (like banking, government, and
critical infrastructure) may, due to the sensitivity of their
operations, be subject to data residency constraints.
In other cases, certain organizations may simply have
a preference or policy for keeping data within certain
geographic boundaries, without that measure being
legally mandated.
Personal data seems to be another big exception.
In truth, however, for most, there are no regulatory
requirements for personal data to reside within your
country. What actually matters is whether the data is
handled and protected in ways that meet applicable
home-country regulations.
This is why working with a trusted vendor is critical.
Informed and capable vendors should also be able
to provide multiple options for data center locations
to accommodate your needs and preferences, while
also helping you to determine what's best for your
organization in light of any specific business and
regulatory requirements.
3. Knowing your roles and responsibilities
Across your supply chain, there are likely many
different organizations with varying roles handling your
data. While it is ultimately your choice to decide who
gets access to what, the partners you choose also have
responsibility in ensuring your data is properly managed
and secured.
For instance, as the data controller, it's your job to
be diligent and vet the channel partners and vendors
you work with. You must also confirm what data they
have access to and how they intend to manage, store,
and secure it. You're also responsible for continuously
evaluating their practices to ensure they are abiding by
best practices and honoring their commitments.
But it's not all on you. Those technology partners
and vendors generally act as your data processors.
That means they become accountable for technology
deliverables and must remain transparent about how
they will handle and protect your data. They must
also take responsibility for any of their own actions
(including those of their respective suppliers) that may
impact your organization, or are misaligned with the
commitments that they may make towards you.