GDPR

Data Privacy Best Practices

3 tips for implementing a new data privacy program

Data Privacy Best Practices blog image

Only 22% of Information Management professionals in a recent study were confident in their organization’s approach to privacy. With nearly 100 fines levied since the May 2018 enactment of GDPR, the passage of the California Consumer Privacy Act (CCPA), and talk of new federal privacy legislation, it’s shocking that more organizations aren’t prepared.

Shifting Priorities

Although data privacy has become a hot news topic in recent years, organizations have yet to give it the time and attention it deserves. For U.S.-based entities to take data privacy seriously, there must be a public incentive to comply and real consequences for doing nothing.

Consumers have historically allowed organizations prolific use of personal data so long as those organizations provided valuable services for free. In recent years, however, the misuse of this data has had widespread and very public effects on politics, financial security, and personal safety. The cultural shift necessary to shift corporate priorities quickens with each new bit of breaking news.

Data Privacy Best Practices

Achieving data privacy—and compliance—across the enterprise requires an efficient, universal information governance program. While implementing such a program may seem daunting, it’s important to break it down into actionable tasks.

  1. Include All Stakeholders. Data privacy demands consistency across all business functions. An effective data privacy committee should involve stakeholders from all units, including records, legal, IT, compliance, and the C-suite. Without buy-in from all relevant functions, your project could be doomed from the start.
  2. Take Inventory of Your Data. After you build your committee, understand how your organization handles personal data, what it collects, and where its most high-risk areas are.
  3. Create an Implementable Policy. Once you have an accurate picture of your organization’s data environment, you will be in a position to make an informed action plan. Be sure such policies have action plans attached and determine what new staff, technologies, or projects will be necessary to implement it. After all, a plan is only good if you follow it.

As data privacy increasingly becomes a public and regulatory priority, it’s time to get prepared. Learn more about ZL’s recent privacy study and what our findings mean for your organization here.

My name is Cal, and I'm from Chelsea in West London. I recently graduated from The University of Notre Dame with a degree in Marketing. I am a lover of all sports, enjoy traveling, and am a big Liverpool FC fan, but there is nothing I love more than Information Governance. With such an ever-changing industry and evolving technologies, is there really any better place to be?