1
Data governance and security
•
•
•
2
Managing different types of data
such as the protection and licensing of IP rights
the overlay of confidentiality and know-how
getting the contractual frameworks right and increasingly (in Australia and globally) the impact of regulation
3
Compliance standards
Though there are varying data privacy obligations around the world, many businesses view the GDPR and ISO standards as their “north star” in guiding policies and practices.
4
Cyber incident readiness
the scope of their insurance coverage and whether this may cover possible cyberattacks
which government and regulatory stakeholders will need to be engaged in the immediate aftermath of a cyber incident
current data retention purposes and processes
5
Impact on business
While compliance obligations can appear to present a barrier to product road maps, businesses should consider how to build in privacy by design as a competitive differentiator.
Compliance obligations add cost pressures to businesses that need to manage risks arising from their supply chains.
“If your privacy loses the trust of your customers, you will lose your customers.”
Obtaining business buy-in is key to effective data governance.
•
•
•
Companies are rightly focussing on privacy issues especially in the current environment. However, there are a range of other issues which need to be considered in any data strategy:
The days of permissionless innovation are gone!
These were the key insights
Privacy and data security is the responsibility of everyone in a business. GCs are considering new ways to ensure all levels of a business remain engaged with data privacy, including through the use of embedded ‘Privacy Champions’.
Evaluating opportunities and risk around data use is broader than whether something is legal – it is increasingly also about what the public expects of business. It is important to ask ‘should I do this’ as well as ‘can I do this’.
"The days of permissionless innovation are gone!"
There are different requirements for managing different kinds of data. Legal teams face a lack of clarity about the obligations and risks relating to various data categories due to a myriad of overlapping national and international regulations.
Recent events underscore the need to plan ahead for cybersecurity risks. At a minimum, businesses should seek to understand:
•
•
•
•
•