What is the role of IT in data compliance?

Our team is very closely connected with data privacy teams. In fact, IT worked with legal to kick start the privacy track. So, IT has always been an integral part of the privacy team often owning and managing privacy tools and project management. IT is deeply involved in data discovery, and even the painstaking process of updating Data Protection Impact assessments (DPIA) and whatever is required for GDPR, CCPA and other privacy compliance requirements. It's so critical that IT continues to find innovative ways to automate privacy operations to transform tardy compliance requirements to a swift and agile operation.

13 views
3 comments
1 upvotes
Related Tags
Anonymous Author
Our team is very closely connected with data privacy teams. In fact, IT worked with legal to kick start the privacy track. So, IT has always been an integral part of the privacy team often owning and managing privacy tools and project management. IT is deeply involved in data discovery, and even the painstaking process of updating Data Protection Impact assessments (DPIA) and whatever is required for GDPR, CCPA and other privacy compliance requirements. It's so critical that IT continues to find innovative ways to automate privacy operations to transform tardy compliance requirements to a swift and agile operation.
0 upvotes
Anonymous Author
For the last few years, since GDPR and increased regulation, this has really been a big thing that you need to know about in IT. You can't just sit back and wait for someone to come bring you into things. You should know where your data is residing before someone's asking you, right? What providers are you using? Where are those providers saving the data? That's really an IT thing. If you think back to how it was historically, as an IT department you knew where every server was, what data center it was in, and what application it was running. Simply the fact that we've gone into a SaaS environment, I don't think that really alleviates the responsibility of knowing where your data resides. I think that's an IT responsibility. Now, do you need to know every legal aspect of it? Probably not. But I think it's one of the things where, from an IT practitioner standpoint, I think you need to be proactive in understanding the changing environments and meeting with your legal team to say, "Hey, here's where we know we have stuff. Here's what countries we know we operate in," and not just expect them to understand every aspect of it and come to you.
0 upvotes
Anonymous Author
sets policy and is responsible for coverage
0 upvotes