With the recent raft of worldwide privacy legislation and much more to come, organizations of all shapes and sizes are becoming forced to evolve the way they do business. Those SMEs that can’t bring their operations into compliance with the GDPR, CCPA and other data privacy laws worldwide will be at a significant competitive disadvantage, and may even find that continued non-compliant operation merely is unsustainable.
With the recent raft of worldwide privacy legislation and much more to come, organizations of all shapes and sizes are becoming forced to evolve the way they do business. Those SMEs that can’t bring their operations into compliance with the GDPR, CCPA and other data privacy laws worldwide will be at a significant competitive disadvantage, and may even find that continued non-compliant operation merely is unsustainable.
In this “adapt or die” scenario, the essential first step to getting compliant is for SMEs to perform a rigorous self-assessment of their present-state data operation.
There are three basic formats to self-assessment:
At Ethyca, we believe in empowering a Data Protection Officer to be a real focal point for all data-related business operations. So if scale permits, we recommend delegating full responsibility for the exercise to a DPO. Of course, each organization’s privacy self-assessment will be inherently different. However, the following aims to provide a framework that will serve as an excellent starting point for any business looking to evaluate its path to data privacy compliance:
Is your organization trying to determine whether existing policies ensure regulatory compliance? Deciding the specifics of what to assess is a critical first step.
It involves answering the following questions:
Only by answering these questions can businesses understand the work needed to bring themselves into a state of regulatory compliance. It’s vital to cross-check these answers against provisions in the GDPR, CCPA, and other relevant pieces of regulation by the DPO. Additionally, you should actively cooperate with internal or retained legal counsel proficient in privacy law. The exercise should result in a set of tasks or processes to accomplish to reach the desired level of privacy compliance.
Finally, we recommend reviewing privacy complaints as part of a privacy self-assessment. Especially those that have arisen in the recent past, three years is a sufficient window. It will give you insight into where potential privacy pain points exist between your business and the consumer. That way, you can pay extra attention to these areas as you’re revamping them to be regulation-compliant. So if your organization doesn’t keep logs of such complaints, we’d like to say congratulations! You’ve uncovered another process that needs revamping to survive in the new competitive landscape!
Published from our Privacy Magazine – To read more, visit privacy .dev
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
The American Data Privacy and Protection Act is gaining attention as one of the most promising federal privacy bills in recent history. We highlight some of the key provisions with an emphasis on their relationship to privacy engineering.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Book a Demo