What is data compliance?

Data compliance is the collection of efforts that allow a business to follow data privacy regulations.

Learning Objectives

After reading this article you will be able to:

  • Explain what data compliance means
  • Compare data compliance with privacy and security
  • Make the case for why data compliance matters


What is data compliance?

Data compliance is the act of conforming to the laws and industry standards for storing, handling, or processing personal information or sensitive data. To protect privacy, there are many different types of regulations today regarding personal and sensitive data. Organizations that do not follow these regulations may violate personal privacy, and as a consequence may receive fines or other penalties from the relevant governing bodies.

Individuals have various rights regarding their personal data under these regulatory frameworks. Both the rights and the way these rights are described can vary across jurisdictions — there is no one-size-fits-all set of standards. However, following typical best practices for the handling of personal information (for instance, the Fair Information Practices) can start an organization in the right direction for compliance.

Why is data compliance important?

Protecting individual privacy:

Complying with data privacy regulations, as might be inferred, helps keep personal data private. Many sets of privacy laws give consumers control over their data, allowing them to edit or in some cases delete it, and require that organizations collecting data let consumers know who can see their data and how it is used.

Many (including Cloudflare) consider privacy to be a desirable goal in and of itself. But regardless of one's views on privacy, organizations that respect consumer privacy are more likely to be trusted by their users and customers.

Avoiding fines and other punishments:

Organizations that wish to continue to do business in various regions, and to avoid negative business outcomes such as fines, should value data compliance highly. Many regulatory frameworks give local courts strong power to impose fines, sanctions, and other penalties for violations.

For instance, the fines under the General Data Protection Regulation (GDPR) are:

  • First-tier violations result in a maximum fine of either €10 million or 2% of the business's worldwide annual revenue, whichever is higher
  • Second-tier violations result in a maximum fine of either €20 million or 4% of the business's worldwide annual revenue, whichever is higher
  • On top of these fines, individuals can seek compensation for damages when a business violates their GDPR rights

Avoiding data breaches:

While data compliance is not in and of itself the same thing as securing data, the controls required by most data privacy frameworks will usually make data more secure. This reduces the likelihood of a data breach.

What are the major data compliance standards to follow?

Each region usually has its own data regulations, and legislative bodies pass more all the time. Some of the major ones that likely apply to any business operating globally include:

  • General Data Protection Regulation (GDPR): This is a comprehensive data privacy law that establishes a framework for the collection, processing, storage, and transfer of personal data. The GDPR applies to any organization that offers goods and services to people in the EU.
  • Health Insurance Portability and Accountability Act (HIPAA): This is a US federal law that regulates how health information is handled. The US currently lacks an overarching data privacy framework but does have industry-specific regulations like HIPAA.
  • Payment Card Industry Data Security Standard (PCI DSS): This framework is maintained and enforced by the PCI Security Standards Council (PCI SSC), a private-sector industry group founded by a number of credit card companies. PCI DSS applies to businesses that process credit or debit card transactions.

Others to know include the California Consumer Privacy Act (CCPA), the ePrivacy Directive, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, and the Sarbanes-Oxley (SOX) Act.

Cloudflare is built for compliance, and is designed to offer organizations the features and solutions they need to remain compliant. The Cloudflare connectivity cloud simplifies compliance by offering composable controls in a single platform. Explore how Cloudflare simplifies data compliance.