Data privacy in 2020: Data management for a multi-regulation environment
GDPR, CCPA, and other data privacy laws have been dominating technology conversations for several years now, and many businesses are still struggling with the question of how to operationalize their readiness strategies.
With two major pieces of data privacy legislation in force and more on the way, businesses must prepare for a multi-regulation environment. Because data privacy laws tend to share common factors in the rights they grant to individuals and the obligations they assign to businesses, we recommend taking a top-down approach instead of addressing regulations on a one-by-one basis.
While these individual data privacy laws differ in focus, they all share a common theme: they require businesses to get a handle on their data. In our most recent webinar, we shared strategies to help organizations derive greater business value from their data while also laying a foundation for data privacy readiness programs.
Understanding the data lifecycle
Many companies are focusing on data privacy from a legal and security perspective, both of which are definitely foundational, but are missing the focus on data. Aligning with the business obligations under data privacy laws — including transparency, control, and security measures — requires first understanding the complete data lifecycle:
Once you have a firm grasp on your data lifecycle, your legal and security teams will have the foundation they need to align with specific requirements of data privacy laws (privacy policies and procedures, contracts, data breach practices, etc.).
Governance is key
Once your organization is ready for the data privacy laws that apply to you, it’s essential to ensure that you stay on the right track. “Compliance,” as we understand it, is a point in time — you can be in compliance one moment and out the next. Ongoing readiness requires continuous reassessment and adaptation to triggers that can impact your compliance status, which can be external (e.g. regulatory interpretations, judicial clarifications) or internal (e.g. new personal data being collected, mergers and acquisitions).
A solid governance program enables you to operationalize oversight of your data privacy practices and adapt to changes as they arise, without overcomplicating it. Below are a few common elements of successful data privacy offices and governance programs:
Jill Reber, General Manager of Data Privacy at Logic20/20, is a nationally recognized expert on data privacy — particularly GDPR, CCPA, and other data protection laws — and has spoken on the topic at conferences sponsored by Information Management, American Banker, International In-House Counsel Journal, and other national and international organizations.