Recent years have seen a shifting tide in data privacy and user data protection regulations. Relatively speaking, data privacy can be considered a “new” topic. 100 years ago, for example, regulations around customer data tracking, reporting, and consent did not exist because customer data was not being collected at anything like today’s scale. Today is a new day. Government agencies have entered the fray to declare what businesses must do to keep their customers safe.
When the European Union enacted the General Data Protection Regulation (GDPR) law, many business leaders viewed the new law as disruptive and inconvenient. However, as pressure mounts to become compliant, leaders should treat this as an opportunity to create more secure customer experiences which, in the end, can differentiate them from the competition.
GDPR In a Nutshell
According to the official GDPR website, the basic goals of GDPR are as follows:
- Harmonize data privacy laws across Europe.
- Protect and empower all EU citizens’ data privacy.
- Reshape the way organizations across the region approach data privacy.
Ultimately, the purpose of GDPR is to protect consumers, but it has also forced many sectors to rethink how they manage their data. For many organizations, this cued the beginning of a new era. Business and IT leaders alike have seen their roles redesigned around GDPR compliance, often because their organizations had no formal data-protection standards in place before. Now businesses face fines and penalties if they do not follow the requirements to ask users’ permission to collect their data, store it securely, and use it responsibly. While it might seem like GDPR regulates only European businesses, it applies to any organization, wherever it is located, that processes the personal data of people in the EU, for example by offering them goods or services or monitoring their behaviour.
Other Data Privacy Regulations
In addition to requiring companies doing business in Europe to comply with new regulations, GDPR has served as inspiration for privacy laws around the globe. The biggest and most recent is described below:
The California Consumer Privacy Act of 2018
The full text of the California Consumer Privacy Act (CCPA) is publicly available, but in short, the changes businesses must make to comply are:
- Consumers have the right to know what personal information is being collected about them, where it is collected from, what it is used for, whether it is sold or shared with anyone else, and to whom.
- Consumers have the right to opt out of the sale of their personal information to third parties. Additionally, a business may not sell the personal information of a consumer it knows to be under 16 unless the consumer (if aged 13 to 15) or the consumer’s parent or guardian (if under 13) has affirmatively opted in.
- Consumers have the right to request that a business delete their personal information (with some exceptions).
- Consumers have the right to receive equal service and pricing from a business even if they have exercised their privacy rights under CCPA.
Much like GDPR, the CCPA will ultimately create a more transparent and safe economy for consumers.
What Do These Regulations Mean for Business?
Many business leaders have shown concern about meeting the privacy requirements of GDPR and CCPA because those requirements disrupt current practices for storing and handling data. However, some have also taken them as an opportunity to provide a better customer experience. Below are some helpful tips for making sure a business or organization is in compliance with GDPR and CCPA, and for why these changes are in fact opportunities for business leaders.
Tip 1: Understand GDPR and CCPA
This seems like a no-brainer, but one of the bigger challenges in meeting new regulations is not understanding them. Taking the time to read the laws and understand what is required can eliminate some headaches before they begin. It can also turn a business leader into a subject matter expert, which builds trust and confidence within an organization and, in turn, with customers.
Tip 2: Data Map
Knowing how data moves through an organization is a key aspect of GDPR compliance. If a company cannot tell its consumers how their data is collected, where it is stored, and how it gets there, there is no way for that organization to comply with the law. Creating a simple data map (what is collected, where it enters, where it is stored, who can access it, and when it is deleted) is a good first step to understanding the life cycle of a data point within a company. This is an opportunity to better understand data in general, and to gain a full picture of how it moves through every business process.
Tip 3: Reporting Breaches
This one should be a little easier, but make sure there are proper paths in place to report internal (and external) data breaches when they occur. Under GDPR, a personal data breach must be reported to the supervisory authority within 72 hours of the organization becoming aware of it, where feasible, and affected individuals must be informed without undue delay when the breach is likely to put their rights and freedoms at high risk; a reporting path that cannot meet that clock is not fit for purpose. Cyber security is a big topic of discussion because more and more companies are feeling the threat of cyber criminals. Having a succinct, actionable plan for reporting a suspected breach helps an organization understand its responsibility in mitigating the impact. It also helps consumers protect themselves as quickly as possible when a breach has occurred.
Tip 4: Website Concerns
The big things to keep in mind when making a website GDPR/CCPA compliant are correcting opt-in forms and cookie consent. Many websites have added a consent popup since GDPR was enacted, and this addresses many potential compliance issues, but only if it is implemented properly: non-essential cookies and tracking scripts must not be set before the user actively opts in, pre-ticked boxes do not count as consent under GDPR, and withdrawing consent must be as easy as giving it. The other top-of-mind topic is opt-in forms, which should state clearly what data is collected and for what purpose before the user submits.
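A consent popup only helps if the page honours the answer. The following is an added example, not code from the original article or from any product it mentions, showing the logic behind a consent-gated loader for non-essential scripts: nothing outside the “necessary” category loads until the visitor has made an explicit choice, and a missing or malformed consent record is treated as “no consent”. The category names, the cookie name `cookie_consent`, and the record format are assumptions made for the example.

```javascript
// Consent-gated loading of non-essential cookies and tags (added example, not from the article).
// Assumptions for the example: three categories, consent stored as a URL-encoded JSON record in a
// first-party cookie named "cookie_consent" (hypothetical name), record format version 1.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// Default state: no choice recorded, nothing beyond strictly necessary storage allowed.
// This is the safe failure mode; opt-in is never inferred from absent or broken data.
function defaultConsent() {
  return { version: 1, timestamp: null, analytics: false, marketing: false };
}

// Parse a stored consent record. Unknown versions, bad JSON and non-boolean flags all fall back
// to the default (denied) state rather than being coerced to "true".
function parseConsent(raw) {
  if (typeof raw !== "string" || raw.length === 0) return defaultConsent();
  try {
    const obj = JSON.parse(decodeURIComponent(raw));
    if (!obj || obj.version !== 1) return defaultConsent();
    return {
      version: 1,
      timestamp: typeof obj.timestamp === "string" ? obj.timestamp : null,
      analytics: obj.analytics === true,
      marketing: obj.marketing === true,
    };
  } catch (e) {
    return defaultConsent();
  }
}

// Record an explicit choice from the banner. Boxes start unchecked; an unchecked box or a
// "reject all" click yields false. The timestamp proves a choice was made and when.
function recordConsent(choices, now = new Date()) {
  return {
    version: 1,
    timestamp: now.toISOString(),
    analytics: choices.analytics === true,
    marketing: choices.marketing === true,
  };
}

function serializeConsent(consent) {
  return encodeURIComponent(JSON.stringify(consent));
}

// May this category set cookies or load scripts under the current consent record?
function isAllowed(consent, category) {
  if (!CATEGORIES.includes(category)) return false; // unknown category: treat as non-essential
  if (category === "necessary") return true;        // strictly necessary storage needs no consent
  if (consent.timestamp === null) return false;     // banner not yet answered: deny by default
  return consent[category] === true;
}

// Filter the site's tag list (each tag declares its category) down to what may load now.
function tagsToLoad(consent, tags) {
  return tags.filter((t) => isAllowed(consent, t.category)).map((t) => t.src);
}

// Browser glue, kept apart from the pure logic above so the logic can be tested offline:
// read the cookie, inject only the permitted tags. Runs only when a DOM is present.
function applyConsentInBrowser(tags) {
  if (typeof document === "undefined") return;
  const m = document.cookie.match(/(?:^|; )cookie_consent=([^;]*)/);
  const consent = parseConsent(m ? m[1] : "");
  for (const src of tagsToLoad(consent, tags)) {
    const s = document.createElement("script");
    s.src = src;
    s.async = true;
    document.head.appendChild(s);
  }
}
```

The banner’s “save” handler would call `recordConsent` with the checkbox states, write `serializeConsent(...)` to the `cookie_consent` cookie, and then call `applyConsentInBrowser` with the page’s tag list; a “withdraw consent” link does the same with all boxes unchecked, which satisfies the requirement that withdrawing be as easy as giving consent.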
Get “GDPReady” to Go
Those tips can get a business on the right track to meeting and maintaining GDPR and CCPA compliance, but there is much more to it. At the end of the day, this is a global sweep to protect consumers, and while meeting these standards may be tedious and occasionally disruptive for a business, eventually everyone wins. A disruption is often an opportunity to grow, and this is no exception. If compliance causes too much of a headache, business leaders always have the option of engaging outside firms to help them meet the standards. Sometimes this is a quicker, safer way to meet regulations and build trust with consumers.