Privacy regulations are expanding beyond the European Union’s General Data Protection Regulation (GDPR), to include California’s Consumer Privacy Act (CCPA) and regulations in other states and countries as well. The landscape is changing fast, and it can seem like the only certainty is uncertainty, but nearly a year after the GDPR went into effect, there are insights and best practices that can be applied to the CCPA and beyond.
Original broadcast date: March 21, 2019 via IAPP Webconference
Take a walk along the path of a subject access request (SAR), from the point of collection to privacy rights management as a competitive advantage.
Walk through this decision tree to uncover how many SARs you might expect to get, how complex your data environment is, and – ultimately – whether it likely is more cost-effective to automate SAR management.
It’s one thing to plan for the GDPR or CCPA and other privacy regulations. It’s another thing to actually live it.
In the face of continued consumer distrust over data privacy and a regulatory environment that remains uncertain, forward-thinking companies are building best practices for data stewardship – and creating a competitive advantage in the process.
On May 25th, Apple released a privacy portal to support their obligations under the GDPR. Just a few weeks ago, they released that portal to US users, ostensibly because it was just the right thing to do. Apple makes a point that it does not drive its business with user data, and this move is a direct response to that claim.
If the GDPR does not apply to your company, you can still benefit from implementing a solution for transparency, notice and consent around consumer data handling. A best practices privacy rights management system provides other advantages. For one, it gives you an opportunity to build a competitive advantage as an organization that deserves consumer trust. As another, it puts you a step ahead if (more likely, when) regulations are enacted that do apply to you.
There are many reasons beyond regulatory mandate that companies are choosing to implement solutions for transparency, notice and consent around consumer data handling.
