International Data Privacy Day is almost here. January 28 is a chance for all of us to raise awareness, remind ourselves of our commitments to data privacy, and ensure we know data protection best practices.
Data privacy (sometimes called “information privacy”) is a subset of data protection that deals with the proper and correct handling of data with a strong focus on compliance with data protection regulations.
Therefore, the focus is on how data should be collected, stored, managed, and shared with any third parties and compliance with the applicable laws and regulations (such as CCPA or GDPR).
While linked to data security, it is not the same thing. Data security is concerned with the measures you take to prevent third-party access to the data you are storing.
Data privacy laws
According to the UN, 128 out of 194 countries have passed legislation to secure data and privacy protection. 10 percent of countries have drafted legislation, while 19 percent have no legislation at all.
Familiarizing yourself with the applicable data privacy laws that affect you – usually your server’s location and the location of those you are collecting data from – is important. The UN’s tracker makes it easy to see what bills have been passed in each location.
GDPR, for example, applies to any company or entity that processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed, or to any company established outside the EU that is offering goods or services (paid or for free) to EU citizens or is monitoring the behavior of individuals in the EU.
That’s important to remember, and it means that you need to keep abreast of your obligations regarding several different laws. While most companies will need to comply with at least GDPR and CCPA, staying compliant with the likes of PIPEDA (Canada’s data privacy legislation) and other major laws is important.
Data privacy prerequisites
Keeping on top of all of those regulations sounds daunting, but some basic prerequisites will ensure you stay on the right side of all legislation.
Beyond the requirement to keep up with the latest data privacy regulations, there are two other key elements to focus on.
One is the right of an individual to be left alone and retain control over their personal data. The second element is the necessary procedures for properly handling, processing, collecting, and sharing personal data.
The first element reminds us that as an organization, you are only borrowing the personal data of the individuals you are processing. Remember: you do not own this information.
Individuals, therefore, should always have the right to be forgotten.
So an important part of data privacy is transparency. It would be best if you showed, by openly communicating with your clients and potential customers, what you collect, why, how you’ll process that data, where you’ll process it, and whether or not third parties are involved (and gain permission for that transaction).
The good news is that transparency breeds trust, and trust is crucial to gaining a customer and keeping them. Salesforce’s State of the Connected Customer reports showed a big shift in the need for trust between 2018 and 2019. In the 2019 report, 73% of customers say companies’ trustworthiness matters more than it did a year ago, and 54% say it’s harder than ever for a company to earn their trust.
In its 2020 report, Salesforce states that nearly half of customers have stopped buying from companies because of privacy concerns.
Transparency, trust, and the ability to communicate exactly what you are doing, and how you’ll react to consumer requests will not only ensure you’re staying on the right side of data privacy legislation; it will give you a competitive advantage.
Data privacy tools
Of course, you don’t have to navigate data privacy alone. There is an ever-growing number of data privacy management, consent management, and data subject access request (DSAR) platforms available that help to keep you up-to-date and compliant.
Also, a simple search will deliver an almost infinite number of data privacy consulting firms. Of course, do all of your due diligence, and make sure you read independent customer reviews before engaging with an agency.
But the message here is clear. On this International Data Privacy Day, you’re not alone. Despite the enormity of the problem and the complexity of the solution, you can rest assured that the knowledge you need, the tools to help you, and the people that can assist are available to ensure you get it right.