SIGMA Insight: Personal Data Privacy in the Age of GDPR

/in , , /by

In 2018, the European Union enacted a regulation on the protection and use of personal data entitled the General Data Protection Regulation, or GDPR. This resonates globally and has already spawned the first American privacy bill, the California Consumer Act, or CCPA. Both of them share the same idea: personal data should be treated well and kept sacred.

For our full take on the legislation, and how you can navigate your journey to compliance, download our Insight below.

We are providing this Insight as a framework for you to use as you consider the impact digital privacy laws have on your business goals. We present you with several facts and crucial actions you need to take as you confront data privacy challenges.

Here is just a taste:

What are these laws?

The most salient points of both regulations include protection of personal information, transparency, control, and remedy for misuse.

When should I be concerned?

While GDPR is already in effect in the EU, CCPA is approaching for California in January 2020, with similar regulations emerging in the US digital landscape soon after that.

Who needs to be involved?

Since nearly all employees touch some piece of sensitive information, they all should know about their companies’ privacy and security practices. The regulations also encourage consumers to manage their data with new tools. Meanwhile, companies can get substantial financial penalties for violating the regulations. But what can you do about it?

To rebuild the future, there are several possible steps to take.

  1. Build your team

Your robust data team and Data Protection Officer (DPO) should develop a formidable knowledge based on all things compliance, and a complete understanding of all those “who, what, where. how” questions about the data lifecycle.

  1. Update your data security model
  2. Test, test, test!

Implement and test to make sure what’s written in policy works in practice.

  1. Enable consumer controls

Customers should be empowered to direct how companies use their info, and how.

  1. Rethink action methodologies

Companies must try to comply with all data privacy requests, without bankrupting yourselves by doing so. Second, all companies in the custody chain need to communicate with one another. Finally, you need to prove that you’ve honored a data privacy request.

  1. Protect the custody chain

It’s up to compliant companies to eliminate the weak links in the chain of custody by denying work to non-compliant companies.

Attention to detail is needed as companies walk the path to compliance. If you can’t manage the process by yourself, SIGMA can lead you to your future state of complete compliance.

 

Download our SIGMA Insight


Compliance: The Final Frontier

/in , , /by

A Guide to Data Privacy in the Era of GDPR, Part IV

Our three previous blogs have delivered you to the shore of a new world – one where consumers can see and control what happens to their digital presence, and where companies are expected to actively protect, serve, and empower them. You’re on the cusp of compliance: you’ve built the necessary policies and processes, and have cultivated a compliance-positive culture within your organization. Stepping onto that shore is stepping into the future, and the future is where true compliance lies.

So far, our focus has been on making material changes to your business. But we have approached them as point-in-time efforts; we didn’t pay much attention to the living nature of the future work they represent.  The new concepts of data protection and compliance live and breathe.  They evolve over time, which means that your company, and everything you’ve just built, needs to as well.

So how do you meet this challenge?  How do you stay compliant?

In the simplest terms, there are three aspects of GDPR, CCPA, and beyond that need constant focus and care:

  1. Co-managing consumer data with your partners
  2. Assisting your partners with their compliance practices
  3. Keeping your business in sync with new and evolving laws

We’ll delve more deeply into these topics in the SIGMA Insight, but I still want to emphasize their importance here.  If your efforts stop at your company’s border, and only your link in the data chain is strong, then you and all your partners won’t achieve compliance.  This is an opportunity for your company to become a leader in the space.  That’s what we have done here at SIGMA.

Your company must provide a guiding hand to all your partners. Test and question their practices, suggest improvements, and be firm when you need to.  It’s okay – and, in fact, a recommendation of the GDPR – to refuse to work with partners who can’t or won’t follow these laws. Lead by example and share what you know, and if necessary, flex your muscles at contract time. Make it known that you’ll only partner with companies who take consumer protection as seriously as you do, and who are always trying to be good digital guardians of the consumer information we know to be dearest.

When it comes to actions you take on behalf of a consumer, make sure you share what you’ve been told to do, whenever you’re told to do it.  Keep an open hotline to your partners, and again be a leader who ensures that everyone works in concert when there’s a data task in the offing.

Finally, and as important as anything we’ve done on this journey, keep your eyes and ears open for everything new that’s coming. In January 2020, you’ll be compliant with 2018 GDPR and ready for CCPA 1.0.  But you need to be ready for the possible 2020 and beyond GDPR revisions, CCPA 1.5 and 2.0, and whatever new state, federal, and world laws are announced in February, June, and December. Keep your data protection team activated, and be ready to leverage everything you’ve already learned to keep yourself ahead of the curve.

Thanks for taking this journey with us. Be sure to read our upcoming SIGMA Insight for an in-depth look at all things GDPR and CCPA, and how your company can join SIGMA as champions of consumer data protection.

Knowledge is Power

/in , /by

A Guide to Data Privacy in the Era of GDPR, Part II

When last we left you, you were staring into the jungle of data protection laws known as the GDPR and CCPA. The question at hand was where to begin.

Charting a path through unknown territory, especially with these laws’ high stakes, seems like a daunting task. By reading this far, you’ve developed a sense of what’s ahead, and understand that making these changes is not going to be a quick weekend effort. But without a map to guide you, you can’t see your way to success. That said, it’s impossible to craft a good one right out of the gate; you’ll build your map as you head toward complete compliance. It all depends on your organization’s current state.

As the title of this post suggests, knowledge is powerful. You’ll need to thoroughly understand your company’s systems and practices to complete the hard work ahead. That’s how you should frame this first part of your data protection work: a survey of the terrain, and a discovery of what you don’t know about the consumer data in your care, and the structures that support it.

Think of it as an audit, but with a focus on system security, access privileges, and data sharing. Start by examining everything. Involve your IT teams, your security managers, your data analysts and more. Get to know exactly how your company works, and then document it. Because that’s the map you actually need, and the foundation for the work we’ll talk about in our next post.

Stay tuned for part three of this blog, and SIGMA’s upcoming Insight on the subject.

Adam Smith Speaks at the ABA Bank Marketing Conference

/in , /by

Check out Adam Smith delivering a great presentation on “Data and Machine Learning Worth your Time and Money”. Adam gave this speech at the American Banking Association’s 2018 Bank Marketing Conference in Baltimore, Maryland on September 24th. In this video he explores such customer segmentation, customer profiling and predictive modeling. He, also, wrote this blog on the same topic.

 

 

Please like and share the YouTube video and/or subscribe to our channel for great future videos and clips like this.