2020 continues to be an eventful year for privacy stakeholders trying to meet rising compliance demands. In a matter of weeks, attention has shifted from the CCPA to EU-U.S. data transfer to the new Brazil privacy law. Let us not forget, however, that new obligations do not replace the previous ones; they are simply added to the growing list for data privacy compliance.
What is data privacy compliance?
In its simplest form, data privacy compliance refers to the controls placed on the use of data. Depending on who you ask and under what jurisdiction, say under the GDPR for a multinational company, that definition may be interpreted as a set of obligations regarding how personal data is collected, processed and shared. From the perspective of consumers in the U.S., data privacy compliance can be more loosely thought of as the right to dictate how their information is used.
The challenges of an ungoverned data privacy approach
Data privacy compliance requires organizations to develop an understanding of what data is in their environment. Without this understanding, organizations lack the foundation to begin, expand, and automate privacy operations. An ungoverned data privacy approach results in:
- Manual processes to locate data, including exchanging emails with data owners and data stewards to find relevant data such as PI (personal information)
- Extra steps to upload data from data sources to third-party mapping tools just to gain visibility of data usage
- Additional efforts to sift through spreadsheets to track privacy program progress and produce audit reports
Ultimately, an ungoverned privacy approach can lead to GDPR fines of 4% of worldwide annual revenue or up to €20 million and CCPA fines of $7,500 per case plus civil action.
Benefits of a governed data privacy approach
In one IDC study, organizations with a data governance foundation reported a 14% productivity gain for data teams responsible for supporting data privacy efforts. Those teams saved time, for example, by having ready access to metadata for efforts such as data mapping and compliance reporting. A governed data privacy approach enables organizations to:
- Quickly identify the location of PI and PII (personally identifiable information)
- Better understand and monitor user access to PI within the organization
- More easily maintain data privacy compliance by providing visibility into data and generating regulatory and management reporting
Automate data privacy governance with Collibra
Data privacy compliance enables organization-wide collaboration around compliance efforts and automation of processes such as the classification of relevant data. Through Collibra Data Privacy, privacy stakeholders can rely on faster and more accurate identification of data through PI Discovery and Classification. Once they identify relevant data, they can use it to address data subject requests through the Individual Rights feature or monitor access to PI through Policy Enforcement. Collibra Data Privacy helps organizations increase productivity for all privacy stakeholders, from those fulfilling data subject requests upfront with consumers to those managing the data in the backend. Automating data privacy governance is the next logical step for organizations ready to achieve meaningful ROI from their technology investments and accelerate their privacy efforts.