“You can’t really know where you are going until you know where you have been.” (Maya Angelou)
Every data-driven company should have a privacy framework in place. If your company hasn’t yet taken the time to orient itself to this new space, here are a few common reasons why now is the best time to get started:
- You’re operating in the European market where privacy is taken very seriously
- Based on trends in regulation and business (for example, the Apple iOS update in April 2021), you anticipate that eventually every company will need to meet GDPR-like requirements, regardless of jurisdiction
- You are already operating in the EU or other regions with data protection laws but, so far, you’ve been fortunate to fly under the radar of supervisory authorities
- You’re based in the US and need to comply with the California Consumer Protection Act (CCPA), the recently passed Virginia Consumer Data Protection Act (VCDPA), or other upcoming state laws
- You want to stand out as a company with a strong reputation for data privacy.
There are a number of reasons it’s important to get up to speed on data privacy/protection. Privacy is a complex field that isn’t easily understood without some assistance. This is because there are several different frameworks currently competing to be the standard-bearer of global privacy norms. The current leader by a long shot is the EU’s GDPR – it was the first meaningful privacy regulation and many countries have modelled their own privacy laws around it.
The GDPR is replete with acronyms and concepts that are hard to understand, especially for someone learning privacy for the first time. These include data protection impact assessments (DPIAs), records of processing activities (RoPAs), lead supervisory authorities (LSAs), legitimate interest assessments (LIAs), standard contractual clauses (SCCs), and binding corporate rules (BCRs), to name but a few. The terminology is vast and the GDPR itself is a complex interaction of many different articles and bylaws: some of them are requirements, some are best practices and some are merely recommendations. Unless you’re an expert in privacy, it is very difficult to turn the GDPR’s framework into actionable takeaways.
What is the return on investment for data privacy?
The 2020 Data Privacy Benchmark Study found that 70% of organisations say they received significant business benefits from privacy beyond compliance. This is up from 40% last year and includes better agility and innovation, increased competitive advantage, improved attractiveness to investors, and greater customer trust.
The same study found that for every dollar spent on privacy, the average organisation is getting $2.70 in associated benefits.
Know where to start
Learning all this material is time-consuming and generally impractical for any single team member to tackle on top of their existing job within the company, which is where the fast-track health check comes into play. The value of a HewardMills health check is in our ability to translate the complexity of privacy compliance into a set of simple and straightforward questions for your team to answer. Based on our expertise, we assess what kinds of data protection/privacy implications derive from your circumstances. And with our global team, we do this not only with the GDPR but with any privacy law around the world, turning your privacy obligations into a clear and concise action plan.