Data privacy is the most prominent issue that will impact how businesses gather, store, process, and disclose data in 2019 … and for years to come. In Gartner’s list of top 10 strategic technology trends of the year, data privacy and ethics occupies a slot alongside AI-driven development, blockchain, and edge computing.
Recently we had the pleasure of presenting the webinar Data Privacy: The “How” Behind the “What” as part of BrightTALK’s Data Privacy Day Summit. Among the topics we covered was the four-step approach we use when we help clients prepare for data privacy — four steps that will work for almost any organization.
Step 1: Analyze
As in any large-scale IT project, you need to start with your “as is” — where you stand today. You’ll spend most of your time in this first step, where you analyze the most critical piece of your data privacy readiness plan: your data. Involve both IT and lines of business to help you determine what data you have, what you’re doing with it, where it’s located, who can access it, and your business reasons for having it.
Step 2: Plan
Once you understand your data, you can build a strategy for what you need to accomplish. Identify the gaps between your current state and what the applicable data privacy laws require, and map out the measures you need to take to fill those gaps.
Step 3: Implement
This step is where you implement the changes outlined in your plan, which may include:
- Updating existing policies and third-party contracts
- Writing new policies
- Implementing system changes such as access control, consent management, and other security measures, as well as capacities to accommodate data subjects’ rights (halt data processing for those who opt out, delete data without “orphaning” other records, etc.)
- Creating procedures for required actions, such as accommodating a data subject’s request to access or erase her data, after verifying that the data subject is who she says she is so you don’t accidentally contribute to identity theft
Step 4: Govern and Train
It can be tempting to call your project “done” after you complete the implementation step, but your work has actually just begun. Your business needs and technology are always changing, and you need a governance plan for watching over your data privacy practices so compliance can be an ongoing effort.
Conduct training at all levels of your organization — not everyone has to have a detailed understanding of data privacy law requirements, but at a minimum they should understand when they need to ask a question or raise a flag. Remember to build in regular re-assessments of your data systems and processes, so you can identify and address any triggers that could affect your compliance status. And consider gamification to reinforce your training and to keep a data privacy mindset top-of-mind at all levels of your organization.