We talk to many different stakeholders in organizations concerned with privacy compliance. From sales, who want to sell the product or service faster, to heads of legal and compliance who want to be compliant while minimizing their spending.
Here we have collected some of the reactions we initially got. If you find yourself here, we should talk 🙂
IT companies are great at what they do. They provide you with the necessary software and business applications to move your company forward. Sometimes they even offer data security solutions and consulting. But what they usually don’t provide is a specialized team and solutions for privacy compliance. This topic is very much driven by legal aspects and less by IT questions. Information security is not privacy compliance.
Companies in group structures are great. Relevant local knowledge can be acquired in the local markets and is the most relevant. But what about things like documentation and shared services? How is documentation kept for shared services? Does every local market keep its own records of shared services in its record of processing activities? What happens if the shared services must be edited? Must all records be updated? Our solution has you covered. Shared services update in every ROPA automatically.
That sounds great. You’ve already got policies in place and are also updating them in accordance with the PDCA cycle. But what about monitoring your vendors and their data processing agreements? Is your data transferred to the US by using Google? What transfer mechanism are you using to stay compliant? Our solution makes sure that you have all your bases covered, not just some.
Cool, we have the same goal: minimizing the effort you have to make to maintain privacy compliance. How do you keep track of the manual processes and make sure that you have an audit log of your processes? You want to make sure that all your manual processes have a clear audit trail so you can show compliance. How do you do that? Doing it manually seems like a lot of effort.
Naturally, with Covid-19 and the radical change in business models and markets, privacy compliance is not the first priority. Yet we believe it should be a determining priority. Why? Because over 63% of customers consider the privacy protections of any vendor before buying a product. From our experience having software vendors as customers, we can clearly say that the number of DPA (Data Processing Agreement) negotiations and pre-sale privacy audits has increased. For your sales, it is definitely a determining factor.
Technical and organizational measures are one of the main pillars of privacy compliance. In some jurisdictions there are even personal fines of 250k for not having them in place. Besides the TOMs, there are many more elements such as the ROPA, DPIAs, DPAs and risk management. If this was set up two years ago, these elements of privacy compliance should have been reviewed and updated at least yearly, or as the risk profile dictates. Conducting reviews is an integral part of our software and secures your organization by providing evidence of a working PDCA cycle.