The Time to Enhance Data Privacy Practices is Now
There was a big push to get prepared for the General Data Protection Regulation (GDPR) at many businesses in 2018. For those organizations that have not begun improving their privacy practices (for either compliance or to maintain status in the marketplace), 2019 is the time to do so.
The Data Protection Authorities (DPAs) have not yet exercised their substantial authority to issue fines and penalties, with many of them choosing instead to give companies time to rectify the problems that have been identified. This leniency will not continue forever, and there has been talk that 2019 may be the year it stops.
DPAs are not going to sit idle and allow companies to continue violating the GDPR. For example, the Dutch Data Protection Authority has just asked 30 organizations for information about their data processing agreements with third-party processors. It is proactively assessing the compliance of the marketplace and will no doubt broaden its investigations to other businesses if it finds problems. Past Dutch DPA investigations have also covered the appointment of a data protection officer and the maintenance of Article 30 Records of Processing Activities (ROPA) at large organizations.
Additionally, private organizations continue to investigate companies for potential privacy violations. For example, Max Schrems and his organization recently complained to the Austrian DPA that eight streaming services are violating the GDPR by not providing all of the information required under the Article 15 Right of Access in response to a Data Subject Access Request (DSAR). These private organizations are filing complaints with DPAs, and those complaints are being investigated. Proactive compliance efforts are almost always better than reacting to a government inquiry.
To see where your organization stands on its privacy practices, consider starting with the ICO self assessment checklist from the UK Information Commissioner’s Office – available here.
The eight questions are straightforward and do not require a legal background to interpret them. If your organization must answer no for any of them, then you have gained additional knowledge about where to focus during efforts to improve your privacy practices.
1. Do you have a record of what personal data you hold? Do you know what you use it for?
2. Do people know you have their personal data and understand how you use it?
3. Do you only collect the personal data you need?
4. Do you only keep personal data for as long as it is needed?
5. Do you keep personal data accurate and up to date?
6. Do you keep personal data secure?
7. Do you have a way for people to exercise their rights regarding the personal data you hold about them?
8. Do you and your staff (if you have any) know your data protection responsibilities?
The questions are intended for small businesses, but could be a useful checklist for any organization to identify problems in their compliance program. Individuals do not need to have an extensive understanding of GDPR and privacy law to answer them, and the answers could assist an organization in focusing its efforts to improve.
It will not be possible to continue to kick the can down the road on privacy compliance. If your organization did not prepare for GDPR, it will require more effort to get ready for the California Consumer Privacy Act (CCPA). If for some reason your organization does not need to comply with the CCPA, you will inevitably face another privacy regulation in the future that you must implement. Whether it is a state law for your local business, or a federal privacy law that is created to harmonize privacy law in the United States across regions and sectors, it will be easier to begin improving your privacy practices now rather than later. And your customers will thank you for it.
More Blog Posts from Clarip:
Data Privacy Ranks Second for Top Marketing Challenge in 2019
Privacy & Security – A Review of 2018 and Some Predictions for 2019
Data Privacy Named Top 5 Risk for Business in 2019
Contact Clarip for Help with Your Privacy Program
The Clarip privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping automation, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie management software, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR software, or provide the right to opt out of the sale of personal information with our consent management platform.