Published on: January 16, 2022

Leveraging Zero Trust Security strategy to facilitate compliance to Data Protection regulations

Implementing privacy requirements into technology is cumbersome these days. On the one hand, we see the speed at which technology develops; on the other hand, we observe ambiguity in how privacy regulations are implemented in the operations of organizations. It is like replacing one engine of a plane during the flight: you cannot freeze the environment and then implement, test and release. The "show" must go on. The key is to implement security measures step by step, one segment of the environment at a time. A segment can be a critical value chain or business process that processes Personally Identifiable Information (PII), which you want to protect more, monitor more intensively and report on periodically or, in case of a breach, within minutes. Zero Trust Security is a strategic approach to information security that starts by defining the critical segments that house the crown jewels (the protect surface) and implements security measures according to a structured process. These measures also encompass data privacy requirements such as Data Leakage Protection and breach notification. This paper is an empirical examination with CISOs and DPOs to complement and enhance Zero Trust with additional real-time data protection requirements that can be implemented without major disruption of the "show".
