What The EU’s IAB Consent Ruling Means For The Future Of Data Protection

The recent ruling that the IAB Europe’s consent gathering framework is unlawful is more than a regular wake-up call for data processors and controllers out there.

Seeing as Google, Amazon, and the entire tracking industry rely on IAB Europe’s consent system, the decision by the EU’s data protection authority should act as a wake-up call for data protection professionals.

The ruling will undoubtedly have substantial short-term consequences for companies (think data deletion, new consent gathering, trust, and transparency issues).

However, I feel that it is an opportunity for companies to rethink how they operate when it comes to data collection, privacy, and compliance.

The fundamental problem most companies face is that their data operations and way of thinking have more or less stayed the same. Compliance is seen as an add-on where processes, consent, and documentation are applied after setting the core data strategy.

Companies need to look at compliance as infrastructure and offer solutions built with a privacy-first mindset. It is not just about avoiding consumer backlash or fines. It is about ensuring a competitive business in the next 5 or 10 years.

 

Where can you start?

Understand your data

One of the most common mistakes that organizations make is that they often lack a single source of truth for their data.

If you can’t trust consent frameworks such as the IAB framework, then it’s more important than ever to have a holistic and contextual view of your data. Such a view should be able to answer at least:

  • How and when was the data collected?
  • What is the purpose of collecting the data?
  • Where is it stored?
  • What is the type of the data and the segment (consumer, employee, etc.)?

Additionally, there should be systems in place to safeguard against the loss or leak of data, with sufficient protection against hacker attacks and software that allows you to keep functioning even during certain types of crises, such as the one created by Continuity2, a BCMS provider.

 

Understand where your data is located in terms of flows

This extends to understanding data in terms of flows. It’s essential that organizations understand where the data they use is located, both in terms of region and vendors.

How does data flow between these entities? These are all questions that require a holistic view of your data to answer. Obviously, you should take special notice of data leaving the EU region, but does your system automatically alert you to that?

 

Collect what you need (and understand where data is not needed)

It seems that the default approach for companies is to collect as much data as possible, without much consideration of whether the data being collected is needed.

It’s almost as if companies adopt the mindset of collecting it all now and cleaning it up later. The problem is that often companies don’t get to this later.

It could be time to take the approach of only collecting data that you need to accomplish your goals. It will not be a one-off task and will require monitoring as a company’s goals and datasets evolve over time.

But robust systems do exist that can alert data protection teams when data collection doesn’t meet defined collection requirements. It might be time to rethink these requirements in your organization.

 

Implement data retention

Has an effective data retention policy been implemented at your organization? Data retention is critical for modern businesses. Without it, too much data may be stored for too long, leading to operational inefficiencies, increased costs, and legal and security risks.

Retention isn’t just about how many different parameters you store. It’s also about how long you store them and the purpose of processing and storing the data. For example, sensitive data should, in general, have a shorter retention period.

You should also consider that if you must keep a certain amount of data due to regulatory demands, it might be beneficial to implement two retention rules.

When you do not have a need for the data anymore, you should move it to a place where it is less accessible and encrypt it. Then, once you are permitted to delete it entirely, you can.

 

Know your vendors and third parties

Understand your vendors, partners, and other third parties you entrust with data. How are they processing your data? Do you have the right to audit them?

Very few companies can manage all their data tasks without involving other parties. That’s why it’s crucial for data protection teams to know their vendors and data providers.

A culture of auditing is vital here. There are several tools that can help with this, but an excellent place to start is to make sure that you have a process for regularly auditing the third parties that you entrust with your data.

This lets you map out how data flows into and out of your organization and makes routine data compliance tasks such as opt-in, DSRs and other data processing requests much simpler.

Data Compliance – What Is It & How To Get It Right

Whenever you interact with a customer, user, or employee, there is a high risk of data being used or exchanged. In today’s world, it’s nearly impossible to get by without access to some data protected by some legislation.

It seems that data breaches and privacy issues are happening more frequently. From Equifax to Facebook, companies face stricter rules when processing, managing, and using data in their day-to-day business.

Your company can’t afford to ignore data compliance. Today it’s more important than ever to get it right. This post will help you understand what data compliance is, how it works, and how you can protect your business.

 

What do we mean by data compliance?

Data compliance is the process of following regulations that stipulate how an organization should manage its digital assets.

These regulations can be different based on geography, and there are often multiple regulations that a company must comply with when dealing with data daily.

The data that the regulation is referring to is usually PII (personally identifiable information). Still, in other cases, it can include financial information and additional information related to an individual or business.

 

Data compliance vs. data security

It’s important not to confuse these two terms. They might concern similar goals, such as minimizing the risk that a company is exposed to. Data compliance is specifically compliance with legally stipulated standards. Data security refers to all the processes and guards that are used when managing and interacting with data.

 

Why is data compliance important?

Failure to comply exposes your company to huge risks

The most obvious motivation for focusing on data compliance is that a failure to do so creates an extreme risk to your business. In some cases, this risk can represent the end of your business, and with legislation stipulating huge fines, it’s essential to get on top of compliance.

These risks can be financial or reputational. For example, in the EU, GDPR stipulates that in the event of a data breach, fines can reach up to 10 million Euros, or up to 2% of a company’s entire global turnover.

 

Your company’s reputation is on the line

For other businesses, especially consumer-focused ones, the damage can be irreversible and can dramatically negatively affect a company’s reputation.

Consumers need to trust the companies that use their personal data. A failure to handle compliance properly can drive customers away in droves and have a nasty effect on your customer retention.

 

Compliance is an opportunity to build a smarter company

Today’s consumers have become more concerned about how their data is used and where it is used. Businesses must take these concerns seriously or face the consequences.

However, getting compliance right can positively affect consumer loyalty and win business by setting clear differentiating factors with the competition. Many in the tech space have scoffed at Apple’s new approach to consumer privacy, and the effect on consumers might not be realized soon.

But, putting compliance front and center of your mission statement can have a hugely positive effect on how new and existing customers perceive you.

 

Challenges with data compliance

Data compliance doesn’t fit neatly into a single department

Who takes ownership of compliance? This may be clear in larger organizations, but for smaller businesses, it’s not always clear where it fits.

The fact that there are multiple roles and departments for compliance makes it harder to build an effective process. Businesses need a solution that can work neatly with multiple teams and across departments to provide a holistic view of data compliance.

 

Data compliance isn’t plug and play (yet)

For most existential business concerns, there are usually many toolkits that can help solve issues quickly and with little implementation effort. For data compliance, this isn’t true.

This is why Wult is building an end-to-end compliance toolkit. We hope it will help companies get on top of compliance with minimal effort and reduce compliance workload.

 

To understand compliance, you need to understand your data and where it comes from

To comply with data legislation, you need to understand all of your data sources. What type of data do you collect, how is it used, and what safeguards are in place to protect data subjects?

This can get messy quickly, but with useful tagging and categorization in the ingestion and processing phases, this process can be significantly improved. Planning can allow for much easier compliance once multiple people across several departments are using data.

 

Data compliance is different, depending on where you are

For larger companies, there are multiple regulatory concerns for the same type of data. This adds another layer to data compliance, making it difficult to track and understand where errors might have occurred.

If you are a global company, you need an efficient way of complying with GDPR, CCPA, and other legislation based on where the data was collected or how the data is eventually used.

 

Building a better data compliance strategy

For modern businesses, it’s more important than ever to get compliance right. A good data governance strategy requires a few things to work effectively.

 

Start with the customer in mind

When looking at data compliance, you need to start at the beginning. Your customer’s data is essential, and they are trusting you with it to manage it correctly. This means that compliance should extend to your customers and how they communicate with you.

Your customers should be able to do more than provide you with data. Compliance means providing a channel for communication with your customers. How can they see the data that you have on them? How can they engage with you, and how can you respond to their questions effectively and in a timely manner?

Wult’s compliance platform has been designed to work from your first customer through to processing thousands of daily data requests. We help businesses instantly set up opt-outs and tools to honor any customer data requests.

Alongside this, we offer you a dashboard where requests can be actioned and audited, and where alerts can be raised within your team about any compliance issues or risks, should they emerge.

 

Include stakeholders in the journey

For key stakeholders, data compliance is one of the most critical issues. They want to know that compliance is being done correctly, and they need a way of auditing compliance efforts to track company progress.

Wult’s data compliance platform keeps all stakeholders informed and up to date with a powerful global view of compliance within a company. These views help improve compliance and identify errors or breaches before it’s too late.

This holistic view can be extended to different teams to ensure that your whole organization is pitching in with their expertise.

 

Bridging the gap between data and legal

Make sure that you keep your data and legal teams on the same page. Traditionally, there has been a disconnect between the legal teams that exist to protect the company’s interests and the data teams that love to move fast and break things.

Bringing both together and giving them a complete view of compliance increases the speed at which data can be used and ensures that compliance is done with maximum efficiency.

 

Focus on how fast your company can react

Building a data compliance strategy requires you to assess how quickly you can react to data breaches, errors, or alerts. After all, reacting quicker can be the difference between no fine and multiple thousands of dollars.

All-in-one solutions like Wult are designed to provide a holistic view of compliance. With helpful alerts and integrations into your daily workflow, your company is better prepared for any data-related issues.

 

Conclusion

For modern businesses, data compliance can be an existential issue. Many companies are still relying on outdated systems to alert them to errors or breaches in data processing.

With increased scrutiny on companies that use data, businesses must develop a data compliance strategy that reduces the risk they are exposed to.

On top of this, building a powerful data compliance strategy also presents an opportunity to provide value for customers. By offering instant access to customer data, creating a holistic view, and engaging team members across the business, it’s possible to turn data compliance into a powerful reassessment of how your business approaches data management.