Almost every organization must manage compliance. In this video, you’ll learn about compliance requirements associated with data localization, the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS).
An ongoing challenge for IT professionals is to maintain compliance with the laws, policies, procedures, or other rules that apply to their type of work. Some compliance requirements follow from the type of business an organization is in, while others are imposed by laws from state, local, or other agencies. In some cases, failing to meet these compliance requirements may result in fines, incarceration, or loss of employment.
These compliance requirements can be wide-ranging. They may come from a national, territorial, or state law, or there may be domestic or even international requirements that have to be followed.
In many geographic areas, one type of compliance is associated with data localization. This means that any data collected within that country must stay inside that country. An example of this can be found in the GDPR, the General Data Protection Regulation associated with the European Union.
There are a number of rules about how data should be stored and where it should be stored. Whether these data localization requirements come from the GDPR or from another type of compliance regulation, you need to make sure you understand where the data is supposed to be located and where that data is allowed to move once it has been stored.
But the General Data Protection Regulation, or GDPR, involves much more than just where data can be stored. It is a regulation concerned with the protection and privacy of data about individuals who reside within the European Union. This includes, but is not limited to, their name, address, photo, email address, bank information, the websites they visit, and any other type of data gathered about that user.
The GDPR states that any data collected on European Union citizens must be stored in the European Union. Users can, of course, decide where their data goes and can choose to have their data removed from sites if they prefer. The GDPR is designed to give individuals control over their own data, and although it is often described as a right to be forgotten, it may be better described as a way for individuals to protect data that they themselves own.
Another type of regulatory compliance is associated not with the law but with an organization. This is the PCI DSS, the Payment Card Industry Data Security Standard, a standard designed by the payment card industry to protect your credit card information. There are six areas of focus associated with the PCI DSS.
We need to build and maintain secure networks and systems, which helps protect data as it moves across the network. We need to protect cardholder data, especially any private information associated with the cardholder. We need to maintain a vulnerability management program, which is especially important for an organization that is storing credit card information. And we need to implement strong access control measures so that only the people who require it can gain access to this credit card data.
There needs to be regular monitoring and testing of these networks to ensure that all of the policies we have put in place are indeed working as expected. Finally, we need to maintain an information security policy so that we have a broader scope for protecting not only the credit card information but all of the data within our organization. Organizations are often audited to check that they are following the PCI DSS policies, and an organization that is not following them could lose its ability to process credit cards.