Exterro: 10 Steps to establishing defensible data privacy practices
The regulatory landscape is changing at lightning speed. About 64% of countries now have data protection or privacy legislation and there are numerous new laws on the horizon, including a further 8% of countries with draft legislation.
Organisations’ obligations to manage data—and the costs of failure—are growing exponentially. Just look at some recent examples. A well-known retailer paid almost €64 million in settlements with banks, states, and class action suits stemming from a single data breach. In July 2019, a social media company received a €4.6 billion privacy fine, representing about 9% of their annual revenue—more than double the maximum percentage (4%) of annual revenue that can be imposed as a penalty under the EU’s GDPR.
Organisations should already be thinking about how they can leverage new technologies to ensure their practices become compliant and stay compliant in the turbulent future ahead.
Exterro has put together a guide to help organisations determine the essential methodology for managing data and mitigating risk in accordance with recent privacy and data protection regulations. In the guide, we cover:
- The critical foundation of knowing your data
- Syncing your data privacy activities and objectives
- Operationalising data retention
- Defensible data deletion
- Third-party and vendor diligence
- Responding to Data Subject Access Requests (DSARs)
- Managing privacy consent
- Incident and breach management
- Automating employee status changes
- Future proofing your organisation