Your data is safe, but is your customers’ data? Changing regulations in a digital world
The policy books concerning data regulation and privacy are not only getting fuller but are also becoming more complex. Any business active on the internet effectively trades or partners internationally, and so needs to be aware of a broad scope of data and privacy legislation.
One of the key takeaways from the run-up to the EU’s General Data Protection Regulation (GDPR) implementation was that although a European trans-national body created the regulations, its effects had genuinely global implications: an organization only needed a single European customer or partner to be impacted.
The European Commission has been relatively proactive compared to other world governments and intra-government organizations when it comes to protecting the rights of their constituents’ data, both in and outside of EU borders.
In addition to GDPR, there was the Safe Harbor agreement, the EU Privacy Shield, and, coming into place at the end of next year, PSD2, which further protects EU consumers making online payments.
Australia has its own data protection and privacy legislation, as do individual states in the US (the California Consumer Protection Act, for example), and depending on which countries you trade with in APAC – South Korea to Laos to Japan – every function in the modern enterprise has to operate within a range of different frameworks.
Yet many companies are still not able to answer questions like:
- Where does pseudo-anonymous data fit into local regulations?
- How many internal systems and teams are involved in data processing activities?
- Which of these activities involves sensitive data?
- What is the process of reporting a data breach?
- To which supervisory authorities do data-related incidents need to be reported and in what timeframe?
- Which functions or departments within the business are responsible for reporting data issues, and to which local or international supervisory authority?
Organizations have to focus on data governance because of the legal ramifications, as well as the effect that leakage and security events have on the public’s perception of a company, its value, and levels of customers’ trust.
Customers, partners and employees alike are owed transparency and ethical treatment in all of the enterprise’s dealings with their data. And every company needs to ensure that the data collected is used both ethically and legally: customers want to know that the data they submit to an organization is used securely, responsibly and with adherence to governing regulations.
In addition to organizations’ internal policies that ensure customer trust, national governments are also legislating. In India, the draft Data Protection Bill 2018 means data classifiable as “critical personal data” can only be held on India-based servers. This may lead to massive complexity for companies using overseas data centers.
There is also controversy surrounding the bill’s “Right to be forgotten”, which it is thought may lead to compromises with regard to transparency, freedom of speech and freedom of the press.
This is just one example, in one location, where a company’s data governance strategy needs to comply with ever-changing regulatory frameworks.
Regulatory bodies which produce new compliance targets are, of course, unlikely to pack up shop and go home. Because the data landscape is ever-shifting, no single intra-governmental organization will ever be able to say that “there’s enough legislation: everyone is now fully regulated!”
It’s therefore vital in a data-driven world that the enterprise has an evolving and active stance with regard to privacy compliance. This is not only to comply with governance as it appears and changes, but also to satisfy increasingly privacy-aware end-consumers and companies.
Here at Tech Wire Asia, we looked for a solution that provides privacy compliance within the patchwork of global privacy laws that many businesses are facing: one that gives organizations from small businesses to enterprises the tools they need to adequately protect their customers’ and partners’ data, wherever they happen to be operating across the globe.
OneTrust’s specialty is ensuring that organizations of any size (it has all-in-one, free solutions for even the smallest start-up) have the tools to manage data privacy and compliance at scale and across a growing matrix of privacy regulations. Its global staff are engaged on a daily basis in researching new and existing compliance regulations as they are formulated, integrating this research into the OneTrust product.
Trusted by over 1,500 customers for compliance management (including 200 of the Global 2000), OneTrust has the software and the world-class regulatory knowledge to help, regardless of where your company trades, where it is headquartered, and with whom it partners.
For marketers concerned with compliance, including data subject rights, cookies, consent and preference management, mobile apps and targeted ads for publishers, OneTrust provides a comprehensive platform for assessing and managing consent while providing records of consent for regulatory purposes.
For privacy and security teams, the OneTrust platform can create an up-to-date inventory of all data assets across the organization, including assessments and ongoing risk management of new and existing vendors & partners.
In the event of a data breach or rights violation, the platform creates canonical incident and breach records, and analyzes the overall risk to the rest of the enterprise’s data.
Informing the right people both inside and outside the enterprise can also be automated, and naturally, all data recording is designed with regulatory compliance firmly to the fore.