Data privacy laws have been around for decades, but in 2016, the European Union passed the General Data Protection Regulation (GDPR). More laws have followed—including the California Consumer Privacy Act (CCPA)—each with its own requirements. But as a category they are unlike previous laws for three main reasons:
Sometimes just the phrase “data privacy regulation” is enough to leave you reaching for a caffeinated beverage to stay awake for what follows … or just clicking “Forward” and asking the legal team to handle it. Because that’s their thing, right?
Well, yes … partially. Your legal team is responsible for understanding what data privacy laws like GDPR and CCPA require from your organization, writing the required policies, and serving as internal consultants for other teams. But IT still has a role to play—a big one.
To achieve readiness for GDPR, CCPA, and other data privacy laws, businesses are tasked with a host of responsibilities, including getting customers' consent to gather and use their personal data via opt-in/opt-out measures, protecting personal information against intentional and unintentional data breaches, and enabling customers to exercise control over their data for as long as the company holds it.
In laying the groundwork for meeting these requirements, IT can help the business understand what personal data it gathers and stores, where that data is located, where it goes (both within and outside of the organization), who has access to it, what happens when it's no longer needed, and other important factors.
With this understanding in place, IT can ensure that the business has the data architecture to honor the rights that privacy laws convey to its customers, such as:
• The right to access: When customers ask for their personal information, IT helps ensure that the business is able to deliver complete, accurate data within the required timeframe.
• The right to erasure: When customers request deletion of their personal information, IT helps ensure that deletion can occur in all locations where personal data is found.
• The right to revoke permission: When customers revoke permission to use their data for a certain purpose, IT helps ensure that the requester’s data can be excluded from all related processes.
If this sounds like a lot, well, it is. Most IT departments have more than enough on their plates, without adding new projects related to architecting for data privacy readiness. That’s where we come in.
Logic20/20 has worked with dozens of clients across industries to help them prepare for GDPR, CCPA, and other data privacy regulations, bringing together a unique team of lawyers, data experts, and strategists—all thoroughly versed in data privacy requirements.
We focus our data privacy approach on achieving readiness for GDPR, CCPA, and/or whatever similar laws apply to your organization. Our experts help you achieve an ongoing understanding of the data in your organization that keeps you aligned with existing regulations, prepared to respond to data requests, and ready for future requirements.
DPaaS runs a bit like a traditional managed service, but with a dedicated team of data privacy professionals who improve your ecosystem and stay on top of new regulations. We take the time to understand your current data privacy program, establish lines of communication, and provide cross-functional training across teams.