Governance
Consumer privacy is critical for every business. The need to comply with the many applicable privacy laws is real. Non-compliance can affect your business financially and, worse, can result in losing your consumers' trust. Trust is everything. Your organization needs to understand the laws and how they affect your business at every level. Everyone in the company, including the executives, should be on board with your compliance efforts. Form a group that will be responsible for privacy law compliance.
Compliance Gaps and Data Mapping
Your business should conduct a thorough analysis of all internal processes that deal with consumer information (collection, processing, selling, sharing with a vendor). During this process, you should also create detailed data flow diagrams, supporting documentation, and a list of every system that stores a consumer's information. Based on the information collected, an audit of your current practices against the applicable laws will reveal any gaps in compliance.
Policies
Develop a recurring process to update your internal and external policies. Review it with your internal compliance team and legal counsel. You must ascertain that consumers are aware of your Privacy Policy and Data Retention Policy.
The privacy policy on your website must describe how you handle personal information: how data is collected, how it is processed, and whether and how it is sold or shared (if applicable). Your website's privacy policy should be reviewed and updated regularly so that the version available to consumers is always the current one.
Establish an internal policy for handling consumer information that specifies which information must be disclosed in response to a Data Subject Request. You must also review the policies of any vendors you do business with to make sure they are in compliance as well.
Procedures
Your compliance team must create procedures for handling each type of data subject request, based on the risk assessment, the data analysis, and the policies that are in place. These should include a procedure for verifying a consumer's identity before a request is fulfilled. Your compliance team must work with other departments to review and revise these procedures on an ongoing basis.
IT Security
Establishing IT security policies that protect consumer data from misuse is paramount. Have contingency plans in place to handle consumer data incidents such as a data breach or loss of data. IT policies should also cover encryption of consumer data both in storage and in transmission.
System Integration and Automation
There is value in integrating your systems and automating processes. Automation will help you respond to consumer data requests efficiently. Compliance requests are time sensitive, and any automation that lets you respond to the consumer in a consistent manner within the required timeframe will help. These automations and integrations also reduce the opportunity for human error.
Legal Counsel
We recommend that your business find and retain legal counsel specializing in privacy compliance. Legal counsel is an integral resource who can guide you appropriately and should be part of all discussions pertaining to consumer privacy.
Training
Any employees who deal with consumers over the phone or electronically must be trained appropriately and kept informed of all compliance policies and procedures. These employees must understand the importance of privacy laws and the sensitivity of consumers' private information.
Continued Compliance
Compliance is an ongoing process. After the policies, processes, and the compliance task force are in place, you will need to update each in response to any changes or additions to the compliance laws. This might involve re-educating and training employees appropriately.