Consumer data privacy is an issue that has become very nearly a global social movement.  It’s driven the passage of new regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA), affecting huge segments of the world economy. 

These are only the proverbial “tip of the iceberg,” as more legislation and regulation are either already enacted or under consideration in countries, provinces, states, even localities worldwide.  These are all inspired by consumer concern about how their personally identifiable information (PII) is being collected, used, and sold.

Those are justifiable concerns. According to Risk Based Security, by Q3 2019 there had been 5,183 data breaches exposing 7.9 billion records, already matching the previous year’s grand total. Among the hard lessons taught by this trend is that manual processes and incomplete or outmoded methods of recordkeeping are inadequate on two fronts: for managing and securing the huge volumes of data being captured by the modern corporation, and for ensuring compliance.

Businesses need a robust data privacy compliance framework in place.  What are the steps involved in installing just such a framework?

Why do you need it (and need it now)?

The potential damages to your bottom line and reputation that can arise from non-compliance should be at the top of your organisation’s list of reasons to implement a data privacy framework, and the tools to support it.  Under the regulations cited above, the financial penalties can be severe, and the loss of goodwill and trust among your customers can be even more damaging, with longer-lasting effects.

So, you should build a compliance framework that allows your enterprise to comprehensively address data privacy compliance demands: one that supplies an overview of all your data privacy obligations and risks, with the ability to quickly report on and respond to them.

The processes and controls involved in regulatory compliance can become complex, which only reinforces the fact that you require a solid framework. The standards to follow are already established: international guidelines such as ISO 19600 provide clear guidance. The framework and the tools you utilize to support these standards, and the process of implementing them, are where the work begins.

Look to expert resources

There are, fortunately, guides to follow that can walk an organisation through this adoption process. One such guide is 7 Steps To Take Toward Data Privacy Compliance, from a longtime risk and compliance technology provider, Mitratech.  The resource is free to download, as one might expect, but provides a thorough explanation of the hows and whys of implementing a data privacy compliance framework.

Among the questions it answers? Why so many data privacy risks are strictly unintentional, which makes them even more difficult to protect against; why your program must not only be effective, but prove defensible against regulatory scrutiny; and why your C-suite, in the age of SMCR, actually has a very personal stake in establishing data privacy measures.