If your company handles consumer data and you are wondering where to start with a data privacy compliance plan, the latest episode of the Technically Legal Podcast has some great, practical advice for just that.
Brandon Wiebe, GC and Head of Privacy at Transcend, offers a good overview of various privacy regulations, tips on how to start thinking about a data plan, and how software can help automate certain parts of the process.
Brandon explains that most data privacy laws, like the General Data Protection Regulation (GDPR) in the EU and U.S. state laws like the California Consumer Privacy Act (CCPA), generally require similar things of companies:
- notice at the time of customer data collection
- implementation of data security obligations
- a lawful basis for collecting information, with use of the information consistent with the company's stated purpose for collecting it
- a right for individuals to opt out of data sale or sharing.
Despite the many data privacy laws already enacted and new ones on the horizon, Brandon emphasizes that data privacy teams should not let perfect be the enemy of good. They must get started somewhere in their data privacy policy journey.
Where to begin? Brandon suggests a data map so you know where all your data is and why you are processing it. Once that is done, you can see if there are opportunities to collect less data or purge data.
Once a company has its data mapped, it can more easily comply with customer requests for information as permitted under data privacy laws and can also ensure it is not keeping more data than needed.
Brandon also touches on why AI can complicate data privacy efforts, while noting that artificial intelligence can assist with them as well.