by Lori Smith on April 3, 2019
We are only a few weeks away from the one-year anniversary of the GDPR, so where do we find ourselves in terms of compliance? We found that most organizations have spent hundreds of thousands of dollars preparing for GDPR but are stuck on putting those plans into action. One of the biggest challenges? Integrating privacy across various business units such as sales, HR, marketing, IT and more.
The Big Challenge: Privacy Operations
According to IAPP, "Engineering Privacy" was one of the most popular sessions at their Global Privacy Summit last spring. Questions ranged from "How do you design for the user experience with privacy in mind?" to "How can you help make data governance possible for engineers?" to "What are some practical approaches to real-world issues involving cross-border data transfers for global vendors?"
Managing Data Processing Activities in an Ongoing Way
Moreover, CPO's annual survey of Data Protection and Data Privacy Officers found that maintaining an ongoing and accurate record of all data processing activities is one of the biggest challenges for meeting GDPR compliance. While many organizations have taken the time to map data processing activities, there is inevitably scope creep, and it's hard to maintain one's data inventory and ensure its accuracy. This is in part because spreadsheets remain the #1 tool for tracking data processing activities. Clearly, as business processes grow, spreadsheets become untenable. That's why privacy leaders are seeking more intelligent, automated solutions to keep their data inventory and assets up-to-date.
Third Party Risk Management
Another commonly cited challenge for meeting GDPR compliance and data protection regulation is the integration and alignment of privacy across third party vendors. Businesses currently use hundreds, if not thousands, of third party vendors to store and process PII. It's nearly impossible to keep track of all this data across vendors and ensure data processors remain compliant.
So...what is a privacy officer to do?
Privacy Operations, or PrivacyOps, is a new functional group and an emerging department that manages the full range of privacy operations across Marketing, Sales, Analytics, Services, HR and back-office operations. The PrivacyOps framework unifies data governance and operation silos across all functional areas, including privacy and access governance, on-premise operations and third-party processing.
What does PrivacyOps Success Look Like?
PrivacyOps leaders provide key stakeholders (customers, employees, and partners) the means to intuitively, easily and respectfully exercise their privacy and data access rights through an automated, user-centric, and always up-to-date experience.
Privacy and access control systems detect, predict, and report non-compliant events; they operate across all departmental and intra-organizational boundaries; and they are always prepared to demonstrate proof of privacy and access compliance.
Individuals can intuitively and easily exercise their rights via an up-to-date user-centric experience, and be assured that their rights are respected
Privacy and Access controls are part of technology solutions
Fulfilling privacy and access obligations is a routine and automated activity
Privacy and Access control systems detect, predict, and report non-compliant events
Privacy and Access controls natively operate across all departmental and intra-organizational boundaries without data and information silos
Organizations are always prepared to demonstrate proof of privacy and access compliance
How Can You Learn More about PrivacyOps?
Glad you asked! Feroot interviewed data privacy, governance, access rights, cybersecurity, IT operations, enterprise planning, marketing, sales, and customer success experts across a wide variety of industries to create the definitive PrivacyOps Framework. Just click on the link and read away! We're always open to feedback, so feel free to contact us to share your thoughts too (firstname.lastname@example.org).
About Feroot Privacy
Feroot is a Privacy Operations & Monitoring Platform that helps you maintain all of your data processing activities across third party vendors and on-premise applications. Request a demo today to learn more!