Research highlights growing data protection compliance problem

New data protection legislation and its increasing enforcement is prompting boardrooms to take another look at compliance strategies, according to the latest paper from the RSA Security-backed Security for Business Innovation Council.

The report, A New Era of Compliance: Raising the Bar for Organisations Worldwide (PDF), highlights how increasingly prescriptive regulations, alongside growing partner requirements and a tougher approach from regulators, are forcing organisations to get more serious about compliance.

The Council's research offers several recommendations for companies looking to respond to this increasingly demanding landscape.

These include building a risk-based approach to compliance which involves all relevant stakeholders, creating a consistent set of controls mapped to regulatory requirements and business needs, and strengthening security agreements with third parties.

Also recommended is "operationalising" compliance so that it is fully embedded into the business, and establishing an enterprise governance, risk and compliance strategy that consolidates all necessary information from across the organisation to manage risk and compliance and provide visibility into controls.

RSA Security's marketing director Andrew Moloney argued that a greater degree of prescription and global harmonisation of data protection legislation can only be a good thing for enterprises.

"Clearly we live in a world where compliance is never going to get any simpler and at the same time businesses are under pressure to deliver more efficient business models," he added.

"When you bring them together in more efficient models there are savings to be made."