A Guide to Data Privacy in the Era of GDPR, Part IV

Our three previous blogs have delivered you to the shore of a new world – one where consumers can see and control what happens to their digital presence, and where companies are expected to actively protect, serve, and empower them. You’re on the cusp of compliance: you’ve built the necessary policies and processes, and have cultivated a compliance-positive culture within your organization. Stepping onto that shore is stepping into the future, and the future is where true compliance lies.

So far, our focus has been on making material changes to your business. But we have approached them as point-in-time efforts; we didn’t pay much attention to the living nature of the future work they represent.  The new concepts of data protection and compliance live and breathe.  They evolve over time, which means that your company, and everything you’ve just built, needs to as well.

So how do you meet this challenge?  How do you stay compliant?

In the simplest terms, there are three aspects of GDPR, CCPA, and beyond that need constant focus and care:

1. Co-managing consumer data with your partners
2. Assisting your partners with their compliance practices
3. Keeping your business in sync with new and evolving laws

We’ll delve more deeply into these topics in the SIGMA Insight, but I still want to emphasize their importance here.  If your efforts stop at your company’s border, and only your link in the data chain is strong, then you and all your partners won’t achieve compliance.  This is an opportunity for your company to become a leader in the space.  That’s what we have done here at SIGMA.

Your company must provide a guiding hand to all your partners. Test and question their practices, suggest improvements, and be firm when you need to.  It’s okay – and, in fact, a recommendation of the GDPR – to refuse to work with partners who can’t or won’t follow these laws. Lead by example and share what you know, and if necessary, flex your muscles at contract time. Make it known that you’ll only partner with companies who take consumer protection as seriously as you do, and who are always trying to be good digital guardians of the consumer information we know to be dearest.

When it comes to actions you take on behalf of a consumer, make sure you share what you’ve been told to do, whenever you’re told to do it.  Keep an open hotline to your partners, and again be a leader who ensures that everyone works in concert when there’s a data task in the offing.

Finally, and as important as anything we’ve done on this journey, keep your eyes and ears open for everything new that’s coming. In January 2020, you’ll be compliant with 2018 GDPR and ready for CCPA 1.0.  But you need to be ready for the possible 2020 and beyond GDPR revisions, CCPA 1.5 and 2.0, and whatever new state, federal, and world laws are announced in February, June, and December. Keep your data protection team activated, and be ready to leverage everything you’ve already learned to keep yourself ahead of the curve.

Thanks for taking this journey with us. Be sure to read our upcoming SIGMA Insight for an in-depth look at all things GDPR and CCPA, and how your company can join SIGMA as champions of consumer data protection.