Data governance has become a huge topic of discussion in the tech, cybersecurity, and risk management fields. Without data governance, regulatory compliance—that is to say, adherence to the legally binding obligations and guidelines for conducting business in a given territory—becomes a challenge. In other words, in order for compliance to be effective, you need to have a clearly defined data governance strategy.
Regulatory compliance has always been included in risk assessments, especially in industries where products need to be of certain safety specifications or where minimum health standards need to be met. However, the vast majority of companies only had to worry about government legislation in their own country. With the globalization of trade, the explosion of “big data,” and the ease of web connectivity, virtually any company that does business online or collects data (even for marketing or analytics) needs have a clearly defined data governance strategy. Without such a strategy, the consequences of not ensuring compliance can be quite stark. For example:
- The Federal Trade Commission (FTC) fined Equifax $700 million for failing to keep the personal data of its users safe.
- British Airways were fined $230 million dollars by the UK’s Information Commissioner’s Office for breaching compliance laws and regulations on data security.
- France fined Google $57 million for its lack of compliance with GDPR data privacy rules.
So, what exactly do data governance and regulatory compliance mean for organizations like yours?
Rules and regulations
Many laws and regulations govern how an organization can do business. For the sake of this post, we will focus on those for which we have expertise, namely privacy, data security, and the broader tech sphere. Not that that greatly narrows down the breadth of data governance; in the U.S. alone, there are more than 10,000 regulations covering the usage and processing of data in a wide variety of fields, such as healthcare and finance.
For organizations conducting compliance audits of their data protection or privacy measures, there are a number of key pieces of data governance legislation to take into account. These include:
- GDPR: The General Data Protection Regulation outlines the procedures, permissions, and security required for all organizations that process the personal data of EU citizens, even if they are not based in the European Union themselves.
- CCPA: The California Consumer Protection Act enforces similar GDPR-style regulations for any organization processing the personal data of Californians.
- PSD2: The EU’s Payment Services Directive has been in force since September 2019. As we have written here, it introduces compliance implications for financial institutions such as the introduction of Strong Customer Authentication and secure certificates.
- HIPAA: A longer-standing compliance regulation governing health insurance, medical records, and other personally identifiable information in the U.S.
Complying with all necessary regulations in the various jurisdictions where one does business can require major cultural changes within an organization. These changes can include structural improvements, such as the introduction of practices and technology designed with compliance in mind.
Our expertise in data protection and compliance was part of the driving force behind the development of the Intertrust Platform, our secure data sharing platform. Intertrust Platform helps ensure data governance by enabling trusted data exchanges and secure collaboration on virtualized datasets between internal and external stakeholders. The Platform’s fine-grained control and audit trails allow for clear policies and understanding of access rights.
Data governance in action: Intertrust Platform and E.ON
Intertrust Platform has already been put to use across the world to create secure data exchanges between multiple, often competing, organizations while adhering to data governance regulations. One such example is our work with E.ON in Germany.
When it comes to data protection, the German regulatory environment is one of the most thorough in the world. This has created a particular obstacle for Germany’s initiative to roll out electric vehicle (EV) charging points across the country. In addition, Germany has over 800 distribution service operators (DSOs) which run its grid. Germany’s fragmented energy delivery model and the laws and regulations set out by the BDSG (the German Federal Data Protection Act) create a hugely complex data sharing tapestry.
E.ON uses the Intertrust Platform to navigate these various complications and enable timely and effective data sharing between multiple partners. Specifically, it developed two apps, one of which allows municipality workers to locate, mark, and communicate about optimum placements for EV charge points. The other app enables network planners to access vital technical data, such as load capacity, proximity to grid lines, and other information to assess charge point viability.
The ease of collaboration while adhering to data governance regulations has allowed E.ON to cut the lead time for determining grid viability from ten hours to five minutes. The Intertrust Platform enforces fine-grained rules and policies governing data access to ensure all of the operations and processes are compliant. This includes protecting personal data from unauthorized access, using geotags to limit access for workers from one municipality to another municipality’s data, and maintaining an audit trail through securely logging all access requests.
Data governance by design
Data governance and regulatory compliance are major concerns for organizations in the age of mass data collection and usage. Laws and regulations, such as GDPR and the CCPA, have introduced significant risks. They also present opportunities for companies who adapt to the new regulatory environment and use it to power positive change in how their organization operates. These opportunities include:
- Reduced risk and protecting the organization from regulatory investigations and fines
- Improved clarity over procedures; for example, taking a uniform approach to how data should be stored across all arms of an organization
- Expanded market share opportunities over competitors who are struggling to ensure compliance
- Increased profitability through streamlined communication, reporting, and decision velocity
Intertrust is helping companies across the globe build compliance and data governance by design into their processes. Intertrust Platform improves collaboration, enhances security, and ensures compliance, making it an essential tool for collaborating organizations. To find out more, read more here or get in touch with our team.
About Shamik Mehta
Shamik Mehta is the Director of Product Marketing for Intertrust's Data Platform. Shamik has almost 25 years of experience in semiconductors, renewable energy, Industrial IoT and data management/data analytics software. Since getting an MSEE from San Jose State University, he’s held roles in chip design, pre-sales engineering and product and strategic marketing for technology products, including software solutions and platforms. He spent 6 years at SunEdison, once the world's largest renewable energy super-major, after spending 17 years in the semiconductor industry. Shamik has experience managing global product marketing, GTM activities, thought leadership content creation and sales enablement for software applications for the Smart Energy, Electrified Transportation and Manufacturing verticals. Shamik is a Silicon Valley native, having lived, studied and worked there since the early 90’s.