Privacy Compliance
Concerns around handling customer and employee data have rapidly risen up the agenda for every organisation. Global privacy laws such as GDPR and CCPA, plus standards such as HIPPA and ISO27552 fundamentally change how everyone needs to think about privacy.
Unless you clearly understand how you handle and process data throughout your organisation, you cannot be compliant, and you are at risk of fines and prosecution.
Every jurisdiction in the world has privacy legislation in place or in preparation, which makes achieving compliance an increasingly complex undertaking.
100
plus countries already have legislation in place to secure the privacy and protection of data
€245M
Total fines levied on some 390 organisations under GDPR
50%
of companies receive up to 100 privacy requests from their customers on a weekly basis.
The SaaS Dilemma and Privacy
The task of achieving compliance is made even more challenging due to the overwhelming shift to remotely-accessed Cloud applications (or SaaS).
With Cloud apps, you no longer have total control over the software you use and you place much greater trust in your software vendor to follow appropriate legislation. You give your data to the SaaS vendors and hope that they will look after it.
But under privacy legislation you still maintain responsibility for your customers’ data.
So, do you really know what your users are doing with SaaS and where your customer data is stored?
Do you really know about all the SaaS that is in use within your organisation?
At Ampliphae we find that the majority of organisations do not know about all the SaaS Cloud apps in use, and cannot fully track privacy data as it flows out of the organisation and into the Cloud.
We find that the predominately manual methods used to understand and manage compliance in support of GDPR are not extensible to the long tail of vendor-managed SaaS.
This is a ticking timebomb that exposes your organisation to potential privacy violations, meaning the benefit you accrue from SaaS may well be more than offset by the risk involved.
To mitigate this risk you must be able to discover the information you need to ensure you can demonstrate compliance with legislation from across the globe.
Automatically Understand the Scale & Size of your Privacy Problem
Discover
Discover all the SaaS Cloud apps in use within your organisation.
Collate
Collate and assess all your SaaS vendor privacy policies.
Vendor policies
Determine the suitability of SaaS vendors to process your privacy-sensitive data.
Geo-residency
Understand the geo-residency for ALL your data as handled by SaaS vendors.
Drive your Privacy Compliance Programme
Map
Map privacy data flows against all the SaaS that is used to realise your services.
Understand risk
Understand where SaaS poses a risk to your compliance with privacy legislation.
Act
Act to control how specific SaaS is used within your organisation, restricting its use in areas where privacy compliance is a concern.