In a world governed by strict Data Protection Regulations, decentralised consent leads to greater risk of data misuse, data breaches, significant fines and increased brand damage.
In a world of budget cuts, in which companies increasingly seem to be asked to do more with less, companies often face the dilemma of build vs buy. For some businesses, there may be no choice but to build, especially if there is no vendor that matches your unique requirements. For others, it may be a cultural choice to build – but is this always the right approach?
Last week saw confirmation of Morgan Stanley’s $60 million USD fine for having failed to ‘effectively assess or address risks associated with decommissioning its hardware’, having failed to ‘maintain an appropriate inventory of customer data stored on the devices.’ The Morgan Stanley case serves as a cautionary tale for Banks and global businesses.
Since the arrival of regulations such as the GDPR, CCPA, LGPD and POPIA, Data Privacy and Ethics teams have become a critically important function within a business. With an ever-increasing number of future regulations on the horizon, and continual changes made to existing regulations – Schrems II being a recent example – Privacy and Data teams face a battle to ensure their house remains order.
The original intent when creating cookies was apparently somewhat innocent: to allow sites to store persistent information about the user in order to provide services, and to improve User Experience, whilst ushering in the ecommerce revolution. The problem, as it is often said, is that ‘the road to hell is paved with good intentions’.
Businesses have had, until recently, little motivation to truly put Privacy strategies at the core of their customer experiences. Although many businesses today say they care about our privacy, it’s often difficult to find clear evidence of this in their actions towards users and customers.
November 3rd, 2020 saw the passing of the California Privacy Rights and Enforcement Act into law. We’ve put together an overview of the things organisations should look out for when thinking about how best to approach the CPRA, and indeed their current approach to the California Privacy Protection Agency (CCPA).
Knowing where data sits in your businesses is a hard question for many companies to answer. Global Privacy regulation now makes this question more prevalent, with the introduction of Data Subject Requests (DSRs), records of processing activities, data retention and breach notification policies, introduced by the GDPR, LGPD, CCPA and more.
Two years on from the GDPR businesses should by now be familiar with the concept of Data Subject Access Requests (DSRs). This article will explore some of the processes and tools to ensure best-in-class compliance by automating DSRs to save your businesses time, effort and money.
Compliance with Data Privacy regulation is now a universal reality for businesses. It is rare today that a business is not bound by one or more comprehensive regulations, either under its national law, or the extraterritorial scope of regulations such as the GDPR, LGPD or CCPA.