GDPR, CCPA, and other data privacy laws are changing the way companies must approach the personal data they gather, store, process, and disclose. And it’s not just legislation that has businesses concerned. Consumers are more keenly aware than ever of how companies are using their personal data, and potential business partners are reviewing data privacy practices as part of their due diligence measures.
Most businesses are well informed on the “what” of data privacy legislation — what the laws require, which organizations they affect, how they define personal data, etc. — but many are still wondering how to prepare their organizations on a practical level.
On January 28, Primitive Logic will present Data Privacy: The “How” Behind the “What” as part of BrightTALK’s Data Privacy Day Summit. Among the takeaways will be a step-by-step guide to aligning your systems and business processes with data privacy requirements, which begins with the input phase.
Quality In, Quality Out
A good rule to remember in your data privacy readiness plan is “quality in, quality out.” By being diligent in the input phase and capturing good information from a variety of sources, you can gain a thorough understanding of your data — what you have, where it’s located, who has access to it, how and where it flows, etc. — which will lay the groundwork for an effective readiness program. Once you understand your data architecture and processes, you can identify gaps between your current practices and the requirements that apply to you, and from there, you can build a plan for bridging the gaps.
This is the “homework” part of the input phase that will prepare you for your interviews with business users and IT teams (more on those below). A good first step is leveraging the resources you have already created or implemented:
- Survey Results: Some organizations make the mistake of thinking a survey is all you need in the input phase. While surveys won’t give you all the answers, they can provide valuable information when combined with other input elements, especially your interviews.
- IT System Documents: Chances are you have some kind of documentation of your organization’s IT system. Even if it’s a couple of years out of date, it can offer some valuable insights about how you handle personal data.
- Data Discovery Tool: There are tools on the market that can automatically track down data across your organization; however, not all are equally effective, and not all organizations can afford them. While these tools can be extremely helpful for midsize-to-larger businesses, smaller organizations may not need them due to their smaller number of systems.
Interviews with Business and IT Teams
This is where you start to get a clear picture of how your organization uses personal data as part of your standard operations. Schedule face-to-face interviews whenever possible, and when speaking with business users, steer clear of technical questions and ask them about what they do on a day-to-day basis. Listen closely to their responses, and keep asking questions until you get the insights you need.
Keep in mind that you may not get all the information you need in the first interview, and be prepared to schedule as many follow-ups as needed.
The results of these interviews, combined with the background research you’ve already done, will help you understand the systems and business processes that involve personal data, and you’ll have what you need to move forward with a successful readiness program.
To learn more about the step-by-step process to get your systems and processes ready for data privacy regulations, join us for our webinar Data Privacy: The “How” Behind the “What.”