In 2018, the European Union enacted a regulation on the protection and use of personal data entitled the General Data Protection Regulation, or GDPR. This resonates globally and has already spawned the first American privacy bill, the California Consumer Act, or CCPA. Both of them share the same idea: personal data should be treated well and kept sacred.

For our full take on the legislation, and how you can navigate your journey to compliance, download our Insight below.

We are providing this Insight as a framework for you to use as you consider the impact digital privacy laws have on your business goals. We present you with several facts and crucial actions you need to take as you confront data privacy challenges.

Here is just a taste:

What are these laws?

The most salient points of both regulations include protection of personal information, transparency, control, and remedy for misuse.

When should I be concerned?

While GDPR is already in effect in the EU, CCPA is approaching for California in January 2020, with similar regulations emerging in the US digital landscape soon after that.

Who needs to be involved?

Since nearly all employees touch some piece of sensitive information, they all should know about their companies’ privacy and security practices. The regulations also encourage consumers to manage their data with new tools. Meanwhile, companies can get substantial financial penalties for violating the regulations. But what can you do about it?

To rebuild the future, there are several possible steps to take.

1. Build your team

Your robust data team and Data Protection Officer (DPO) should develop a formidable knowledge based on all things compliance, and a complete understanding of all those “who, what, where. how” questions about the data lifecycle.

2. Update your data security model
3. Test, test, test!

Implement and test to make sure what’s written in policy works in practice.

4. Enable consumer controls

Customers should be empowered to direct how companies use their info, and how.

5. Rethink action methodologies

Companies must try to comply with all data privacy requests, without bankrupting yourselves by doing so. Second, all companies in the custody chain need to communicate with one another. Finally, you need to prove that you’ve honored a data privacy request.

6. Protect the custody chain

It’s up to compliant companies to eliminate the weak links in the chain of custody by denying work to non-compliant companies.

Attention to detail is needed as companies walk the path to compliance. If you can’t manage the process by yourself, SIGMA can lead you to your future state of complete compliance.

 

Download our SIGMA Insight