GDPR and CCPA are ushering in a new privacy-first expectation that is assured to become the law of the land everywhere. The result has consumers and businesses more active in managing how their data is used on their behalf. Forbes Technology Council has developed a helpful list for marketers to plan for evolving privacy requirements, including integrating customer data, understanding where data resides, and developing documented audit trails.
Rather than view data stewardship as a need for more regulation or compliance, think of it as a business opportunity. Think seat belts or the Clean Air Act: Companies that adapted early were well ahead of the game. Here are 10 areas to start laying down a more secure foundation.
Make Data Stewardship a Core Value
In the wake of the General Data Protection Regulation in the EU and California’s California Consumer Privacy Act, we can expect more privacy regulations. The best way to stay compliant is by taking a holistic approach and institutionalizing data privacy as a core value in your organization. Be transparent, practice privacy by design and privacy by default.
Consult Compliance and Legal Experts
Consult compliance experts and legal departments regularly to keep abreast of changes and ensure that your policies, procedures, and controls are updated. The acceleration of data privacy laws is forcing a mindset shift for organizations toward considering data privacy in terms of current and future processes.
Hire a Privacy Officer
Organizations should create a strong privacy foundation, hire a privacy officer, and have a well-thought-out policy to stay ahead of the game. You should make data privacy a core value so that it is easier to react to changing regulations because infrastructure, personnel, and awareness are already in place.
Invest in First-Party Data
Double down on customer data integration efforts. You’ve been trying to master siloed data to build a complete 360-degree view so that you can add new customers and build relationships with them. Now you need to know where all that customer data resides when they decide to change these relationships with you.
Collect Only Relevant Data
Avoid capturing any data without knowing how you intend on leveraging it. Not only is it inefficient with respect to storage and management, but it also expands your security risks. Think Smart Data rather than Big Data.
Keep it Fresh
Businesses have become natural hoarders of data. But we all know data protection and privacy is not going away any time soon, so business leaders should use this as an opportunity to thoroughly audit, cleanse and update their data stores, policies and procedures. Throw out data that isn’t benefiting you and tighten up the rest.
Protect Your Data Chain
Technology leaders need to focus on mapping their data supply chains—including gaining and maintaining an understanding of data sources, use restrictions, and other constraints—to appropriately manage privacy and security regulations and best practices.
Know Where Your Data Resides
Think about where your data resides and which jurisdictions it could be subject to. If you’re operating a mission-critical application in a specific country, it may be beneficial to run your workloads on regional cloud infrastructure to simplify the number of jurisdictions where privacy regulations apply to your data.
Documented Audit Trails
Data privacy policies change by region or country relatively rapidly. At a minimum, have a governance policy in place and make sure all of your systems have well-documented and understandable audit trails available to all stakeholders. This rule documentation will help with faster adherence to new policies.
Define User Experience
Consumer privacy acts, both in the U.S. (California Consumer Privacy Act) and overseas (GDPR), mandate how data is collected, stored, shared, and used. Though they vary in the specifics, the penalties for lack of transparency are universally punitive, whether the purpose was intentional or not. Strive for clarity on the front-end of your UX to avoid noncompliance on the back-end.