It is not a matter of if your organization will be challenged on data protection and privacy, it is a matter of when! With so many new regulations around the world establishing varying versions of data privacy laws, it is up to your organization to understand and prepare for compliance – or at least make at an attempt to be compliant so you can establish a defense if you are pulled into a legal proceeding somewhere in the world.
While a lot of companies were not ready for GDPR (General Data Protection Regulation) on the May 25, 2018 effective date, a lot of complaints were certainly ready to be filed against companies as soon as the law took effect.
We can expect this and more when the California Consumer Privacy Act of 2018 (CCPA) goes into effect on January 1, 2020. These regulations and updated privacy protection laws across Asia-Pacific are only the beginning. Soon, the personal information of data subjects the world over will be legally entitled to some degree of protection, with access to varying degrees of legal recourse in the case of noncompliance.
A company’s best defense is a mechanism for ensuring compliance with the various regulations as they arise and evolve. I’ve covered the vast complexities and potential blind spots of GDPR compliance in recent articles. Add to this CCPA, regulatory updates across APAC and the numerous regulations still on the horizon, and the risks of facing fines for noncompliance grow to dizzying proportions.
On the very day GDPR went into effect, complaints were filed with European authorities against Facebook, Google, Instagram and WhatsApp for violations that could incur maximum fines of more than 7 billion euros (more than US$9 billion) according to various news reports.
Rights granted by the CCPA are enforced by the California Attorney General and infractions could incur penalties of up to US$7,500 per incident, in addition to individual lawsuits that could be lodged against the violators. It is clear violators could not only incur hefty fines, but they could also wreak severe reputational damage as the news of the lawsuits and penalties goes public.
While GDPR, CCPA and other consumer privacy protection laws are similar in intent, they are also different, and each requires specific actions be taken or enabled. It is important your data protection compliance approach is extensible, so you are not building one-off capabilities to support the various regulations.
Then it becomes a supportability issue as you have multiple capabilities delivering overlapping capabilities. Having a common configurable solution to support today’s regulations that is extensible to support future regulations will be important to scale regulatory compliance.
Data privacy protection requires a holistic approach
Privacy is more than just a technology solution; you must take a holistic approach to this issue, which requires enhanced processes across the organization. Compliance implies fundamental changes to the way personally identifiable information (PII) is managed and processed.
Moreover, the technology to manage, surface, delete or export customer data must be designed, architected, inventoried, developed, delivered and maintained on an ongoing basis. This is and will impact essentially all organizations on the planet!
iTalent Digital’s intelligent agent (“iAgent for Privacy Protection”) can be tailored to handle compliance with GDPR, CCPA and future regulations thanks to its configurability and ability to operate across an enterprise’s ecosystem of platforms, systems and data repositories.
The solution automates the intelligent processing and routing of customer requests to delete or export personally identifiable information (PII).
iTalent Digital delivers an assessment on what personal data exist within your application(s) or system(s), then customizes the iAgent for the specific scenario and its unique requirements, delivering a PII data inventory, data typing, tagging and classification, as well as the configuration of tailored data- and application-specific policies. One customer request triggers required actions to ensure compliance across target systems and repositories.
Bottom line, the emergence of new and diverse privacy regulations around the globe necessitates a holistic, tailorable, scalable and integrated approach to compliance. The good news is, despite the inherent complexities, when you implement a holistic solution, the process is manageable and effective.
When choosing an implementation partner, be sure their proposed solution covers all the bases. Otherwise, you may find your business in the crosshairs of a complaint or lawsuit, or even a debilitating fine.
To learn more about our iAgent, feel free to contact me at DataProtect@italentdigital.com.
Note: This article was originally published on LinkedIn on 24 August 2018.
