10 Steps for Reaching Global Data Privacy Compliance
1. Evaluate Regional Rules
Evaluate the regulations in every region where you conduct business or store, transport or otherwise handle customer data, so that you know the region-specific requirements before you process anything there. These rules vary widely, including in how strictly they limit moving data across borders. For example, according to the Forrester Research Data Privacy Heat Map 2015, the Netherlands is among the most restricted jurisdictions, while Nigeria has effectively no restrictions.
2. Provide Data Documentation
Document and understand the types of user data you capture, where it is stored, who can access it and how it is used across your technology stack. This inventory matters for several reasons: it identifies which collection points may require customer opt-in, it tells you which records and which customers are affected if a breach occurs, and it shows what must be deleted when retention limits are reached or a user becomes inactive.
3. Incorporate Requirements Into Company Processes
Incorporate the documentation, notification, opt-in and other activities these laws mandate into everyday company processes, so that every piece of data is handled and tracked in compliance with the applicable requirements. This stage means changing how the company operates, for example by adopting a least-privilege model in which access to personal data is granted only to the roles that need it for a specific purpose, and those grants are reviewed periodically.
4. Create a Breach Notice Plan
5. Brief Relevant Parties
Brief all employees to ensure companywide participation; every department must be fully committed to following the updated rules. This step covers all internal communication with the employees and stakeholders who play a part in complying with global data laws. In a recent study, 87 percent of respondents said their jobs require them to access and use data, including customer information, contact lists, employee records, financial reports and corporate documents. Insider negligence is frequently cited as the most common cause of a data breach, which is why this briefing matters as much as any technical control.
6. Restrict Shadow IT
7. Secure Customer Consent
Consent from customers is essential, and any marketing program driven by customer data needs direct consent from the consumers whose data it uses. The forthcoming General Data Protection Regulation (GDPR) requires consent to be specific, informed and unambiguous and requires the company to be able to demonstrate that it was given, so expect to obtain consent on a program-by-program basis and to keep a record of when and how each consent was captured.
8. Customers Need to Manage and View Profile Data Easily
9. Understand Global Differences
10. Monitor New Policies and Changes in Old Ones
Monitor and audit for new policies and for changes to existing ones. The data you hold keeps growing and changing, so it is only natural that the regulations governing it will evolve as well. Auditing your own practices on a regular schedule and tracking changes in global privacy law will help keep you compliant on an ongoing basis rather than at a single point in time.