Even if security is a system and digital compliance calls for its own approach, compliance is sometimes seen within the company as an obstacle to digital innovation, something that slows it down rather than integrating with it.
This is especially true of organizations whose digital transformation does not make regulatory compliance (in particular keeping up with changes and updates to the rules) and its practical application leaner and more agile. That is exactly where the difficulty lies.
The decisive step is to extend the digitization process to every function of the organization and every level of the company. What matters is striking a balance between “compliance” and “digital”, that is, between full observance of the security rules and the most advanced digital technologies; the success of the digital transformation path rests on this foundation.
Another key point is being able to focus compliance activities on the business areas judged to be at greatest risk for privacy and data security. This requires precise risk analysis and real-time monitoring, which, where digitization is already underway, can be carried out with artificial intelligence techniques, including machine learning, that automate the collection, processing and analysis of large amounts of data in order to identify (and predict) events that look suspicious from a security standpoint, while at the same time reducing the time and cost of controls and improving their accuracy and effectiveness.
Operations of this kind fall within the domain of GRC (Governance, Risk and Compliance), which integrates corporate risk management with compliance with the body of rules on data protection and security.
Where do Italian companies stand on privacy compliance?
In the fourth year of GDPR application, Italy still shows several critical issues in “conforming” to the required measures. In particular, a survey by the law firm DLA Piper, carried out in collaboration with the Italian Privacy Think Tank (Iptt) with the participation of seventy-five companies from various sectors (IT, banking, financial services, insurance, media and telecommunications, food & beverage, retail), finds that Italy has the highest overall number of sanctions in the EU for non-compliance with the Regulation.
Among the issues the Data Protection Authority most often raises against organizations is the lack of consent from the data subjects involved in processing, above all in telemarketing activities, where the study highlights a lack of internal control by the companies themselves.
Another is data retention, on which the Guarantor (the Italian Data Protection Authority) is particularly attentive and strict, and on which Italian companies still show uncertainty in the practical application of the rules.