Data Security and Compliance are separate but very related things. Data Compliance is adhering to the guidelines, regulations, or laws that are expected in data management. Data Security is the actual ways in which you keep your data safe and secure.
Here are some questions you should ask every time to add new data, processes, or resources.
Data Collection
- Do you already have the data?
- Can it be used as is?
- What data do you need?
- Where does the data come from?
- How secure or trustworthy is the source of the data?
Data Retention
- What data do you need to keep?
- How long must you keep the data?
- What data can you delete?
- When can you delete it?
- Are there any regulations or laws around storage?
Data Access
- Who has access to the data?
- How is the data accessed?
- What security measures do you have in place?
- Who is the data shared with?
- How is it shared?
- How do you ensure security while the data is in transit or being shared?
Compliance
- Who in your organization is responsible for compliance?
- Do you have a Regulatory Risk and Compliance Management Process?
- What compliance or governance are you required to follow?
- What additional guidelines or ethics does your organization require?
- Do you have a Regulatory Risk and Compliance Management Process?
- Is everyone with access educated on compliance and guidelines?
- How do you ensure compliance?