Blog Post

The Three Things You Need to Build a Sustainable and Scalable Privacy Protection Program

Aug 03, 2022

On a hot August day in Philadelphia in 1994, a local resident made the first e-commerce transaction on the internet, entering his credit card details to order a Sting CD. History didn’t record whether shipping was free, but the purchase was encrypted with a program called PGP, or “Pretty Good Privacy.” As the amount of data traveling across the internet has exploded since then, businesses have to ensure their privacy protection programs are better than just “pretty good.”

Lagging behind these first e-commerce transactions – but steadily growing – are privacy laws. In the U.S., for example, only two states introduced privacy legislation in 2018, but just three years later, that number grew to 29. Globally, over approximately the last 50 years, new data privacy laws have been enacted at an average rate of almost three countries per year, far surpassing 100 countries today.

As new laws take effect, existing privacy laws that have been in place for years are being revisited and revised, creating compliance, complexity and cost challenges for companies. Perhaps as a result, 44% of organizations in a recent survey said they are failing to adhere to data privacy regulations. How, then, can a company build a sustainable and scalable privacy protection program? It starts with a focus on three fundamentals.

Start with the Fundamentals

A company needs to answer three questions – and implement the processes – to build a sustainable and scalable data protection program:

1. What data does the company have?
2. Who has access to the data?
3. What's being done with the data?

Data mapping. Data isn’t static, and creating a data inventory can’t be static either. With the move away from on-premises servers and toward the cloud, data can be inside an organization, at rest, or traveling back and forth to and from the cloud or third-party vendors. Manual processes are basically obsolete, with automation as the only way to truly discover the data a company holds and where it is at any given point in time.

From a privacy program perspective, data mapping connects data to the identity of the individual with whom it is associated – a critical function to meet compliance obligations of existing privacy regulations. For example, a key right granted to consumers under most privacy laws is the data subject request (DSR). When a consumer requests access or deletion of their data, a platform with automated data mapping will identify, match, and link records from all sources within a company, providing an efficient method for responding to DSRs while also creating a privacy audit trail.

Data access. In addition to standard safeguards, such as encryption and device management, access to data should be managed with least privilege access. With this approach, data access is granted to users with the minimum level of permission needed to perform the individual’s responsibilities or a specific task. Least privilege access minimizes potential damage in the event of a data intrusion. For example, if an employee’s account is compromised, the intruder will only gain access to parts of systems to which the employee has authorization, rather than gaining access systemwide. By restricting access, you’re restricting potential damage.

Data processing. When the EU introduced the General Data Protection Regulation (GDPR) in 2018, businesses were also introduced to the Record of Processing Activity (ROPA). While some consider ROPAs just another obligation, the requirement also has a distinct benefit: a ROPA forces a company to understand what it is doing with the data it holds. A ROPA is the list of personal data a business possesses, how the data is used, where it is transferred, how long it is retained, and how it is protected. Any time a company’s procedures for processing information change, the ROPAs should be updated, which ensures compliance as a company’s privacy program scales.

Relyance for Compliance

Data privacy automation is the most efficient and effective way for a company to ensure compliance with changing and growing privacy regulations across the U.S. and around the world. Using machine learning, Relyance builds a dynamic, real-time data inventory and map requiring very little access so companies can monitor how personal data moves through their code, applications, infrastructure, and to third parties. This map is always up to date, providing a solid foundation for the privacy program. The Relyance AI platform enables the entire organization to manage privacy and data protection with a one-stop solution, and data-driven insights keep key staff focused on the most important privacy issues to ensure compliance as policies, programs, and regulations change. Want to learn more? Book a demo with us, or contact us here.

Blog Post

The Three Things You Need to Build a Sustainable and Scalable Privacy Protection Program

Sep 28, 2021
