Chris Slovak from Tealium, vice president for global sales solutions, said that consent is a key part of all regulations. He also explained how to inform consumers in a clear, transparent, and obvious manner what you are collecting. “I think we are just at the beginning of what we see. “
Slovak stated that so far, only companies who have violated the rules have been subject to fines from supervisory authorities. There is still a lot of grey area where supervisory authorities have been reluctant to levy penalties. This could change, especially as more clarification is provided by the European Data Protection Board.
For most people’s 2020 GDPR hopes, more enforcement is top of their list. Companies are expecting more enforcement in 2020, as penalties and fines have risen in 2019.
Buck stated that there were more fines in 2019’s fourth quarter than ever before. Buck stated that he expects this to continue. We are seeing fines because the company does not have a legal basis to collect data. Data breaches and insufficient security seem to result in the largest fines. “
Kagan claims that the Irish supervisory authority could be imposing large ines on companies based in Ireland. She said that more than a doen investigations are currently underway in Ireland, which could lead to some of the largest fines ever.
“Those take longer because they’re complicated and require coordination among authorities. But Ireland has said that we will see enforcement actions against big tech come out by 2020,” Kagan stated.
Companies should monitor the European Data Protection Board closely for additional guidance and clarification.
Slovak stated that GDPR was just the “catalyst”, which triggered a tsunami of data protection laws around the world. Companies should keep an eye out for similar developments in other countries.
Slovak stated that this trend is not exclusive to Californians and EU citizens. It’s a trend that will sweep the globe. Invest in the data flows that you already have to get ahead. “
Although compliance with all these laws may seem difficult, if you take one step at a given time, your company will soon be in compliance. You don’t need to comply with all the laws to stay motivated. Sometimes, showing effort can be enough to keep regulators away.
Kagan stated that companies who have followed a plan and cooperated with regulators have had their cases closed or their fines reduced. You need a plan. Do a risk assessment and identify the most risky parts of your processing. Then, get started. Follow a course. “
- Don’t panic. The GDPR and CCPA, which deal with data protection, are complicated and broad. For small and medium-sized businesses, it can be difficult to manage. It is important to break down the process into smaller tasks, so that each task can be accomplished one at a time. Instead of completing the task in one go, think about the process as moving towards compliance.
- Do a risk assessment. According to Kagan, a risk assessment is a great place to begin. This assessment will help you identify areas that are most at risk.
- Start with the most risky components. Once you have an understanding of the risks associated with each component of your data collection operation you will be able to prioritize which components you should address. Start with the most risky elements in your company. If your security is weak, strengthen your defenses to prevent data breaches. You can gain consent from consumers to use their data if you don’t have it. A GDPR compliance consultant will help you better understand the risk.
- Understanding the data and the reasons you collect it is key. Companies must have a full picture of all data collected and why. This is a key part of GDPR/CCPA. Consumers must request a copy of their data and the ability to modify or delete it. Your business must be able to understand what data it collects, how it’s stored, where it’s shared, and why. A complete understanding of data protection laws is essential if compliance is not possible.
- Establish a formal governance plan. Establishing a formal governance program can help you show regulators that you have developed an internal process to comply with (or at the very least work towards compliance) with data privacy laws. A formal governance program will outline exactly how data is collected, stored, shared, and used. Kagan stated that this is particularly important for large businesses, but small and mid-sized businesses can also benefit from formalizing data governance. This could involve appointing a data protector officer to oversee data collection and processing in accordance with GDPR rules.
It is a continuous process to comply with the GDPR, CCPA, and other data privacy legislation. Although each piece of legislation has its own requirements, the general goals are the same. Companies are required to perform a variety of tasks, from properly processing personal data to preventing breaches. Kagan explained that you can work towards compliance without having to know all the details and all the clarifications from regulators.
She said, “It’s not too late for you to comply.” “Don’t forget that your sink is full. Do not put off the task and avoid it. Get started today. “
You can lower your chances of being in violation of data privacy laws by following the best practices and, in worst cases, show regulators that you have made an honest effort to protect consumers’ data. Slovak stated that there are compelling business reasons to follow the data protection regulations best practices.
He said, “If you do it right you get auditability & transparency.” You can inform your customers about the data you have and the location of where it is being sent. You will have better conversations with customers if you do this right. It gives you a better understanding of their needs in the moment that you speak to them. “
He said that protecting consumer data privacy is good business practice and can help you build trust. It is possible to be GDPR ready and shift towards consumer data protection.
“Data is data that you have been given. Slovak stated that a consumer gives you information about them to help you create better services and experiences for them. This is an opportunity for you to reevaluate your customer service and how you treat prospective customers. This requires a new way of thinking and investment in data and tools to manage it. “
Investing in your data infrastructure is a great way to get ahead of the regulatory curve regardless of where you are based and building better relationships with customers is a great idea.