GDPR may have come into effect a year and a half ago, but the issue of privacy remains the most important aspect of data management. Despite businesses taking increased measures to safeguard data and comply with GDPR, consumers continue to be concerned about their privacy and the security of their personal information, and transparency around the use of data, particularly for marketing, has increased. Research has found that 37% of the general public don’t trust marketers to use their data responsibly. With a heightened awareness of both the misuse of their data and the value of it, a growing number of individuals are reluctant to share their information with organisations and are demanding greater control over it.
While organisations already have processes in place to comply with GDPR, in order to reassure consumers, businesses must continue to enhance their processes and policies. After all, failing to do so may result in fines from regulatory bodies and could also cost them the trust of their customers. With this in mind, businesses are finding new ways to tackle the issues of privacy and security relating to personal information head-on.
While the subject of privacy is a board-level and senior management risk issue, barely half of organisations have adequate controls in place. As companies begin to look beyond compliance to drive competitiveness through the governance of personal information, the issues of trust and ethics pertaining to that information become more crucial to the success of the business. More organisations are beginning to treat personal information as a critical asset and are appointing senior people to lead the governance and ethics roles. One of the most effective ways businesses are doing this is by developing new roles with the sole purpose of protecting privacy, with businesses like InterSystems appointing either a Data Protection Officer, a Trust and Ethics Officer, or a Chief Ethics Officer to ensure compliance and trust are maintained through the ethical use of personal information. The creation of these roles sends a strong message that trust and, by extension, privacy, security, and ethics are at the forefront of the culture of an organisation. But more than that, this approach moves the discussion on from businesses being interested purely in compliance to focusing more on operating ethically and doing the right thing.
Since GDPR was introduced, a growing number of businesses have been trying to put data privacy on the radar of their entire organisation. These companies are making it everyone’s mission to have an understanding of provenance and the use of information, with everyone taking accountability for how the organisation collects, uses, and shares personal information. The idea of accountability is that “we say what we do and we do what we say” and, importantly, “we stand by doing what we do.”
Businesses are also beginning to be accountable for how they talk to their customers about data privacy. This is leading some companies to be more open about what they are doing with personal information and how they are protecting it. With big data breaches hitting the headlines, it’s unsurprising that some people are hesitant to share their personal information. However, by taking an open and honest approach to talking to customers about how their personal information is used, stored, and shared, it may be possible to overcome the distrust these occurrences tend to inspire.
Governance frameworks are also being used to look at the issues of privacy and security and how the related business processes can be consistently and reliably implemented across an organisation. The adoption of these frameworks goes beyond compliance because it ensures appropriate behaviour in the creation, storage, use, and deletion of information through the integration of processes at all levels of an organisation. Within such a framework, the organisation examines both privacy and security matters, with the former focusing on the collection, use, and disclosure of personal information, whilst the latter concentrates on the confidentiality, integrity, and availability of that information. As organisations implement a governance framework, they may seek outside auditors to demonstrate that they are trustworthy.
In today’s competitive landscape, businesses can’t afford to become complacent. Building on the foundations of GDPR compliance, companies must look to appoint somebody to lead their efforts to maintain a stringent data privacy program and instil a culture of accountability. As more businesses begin to realise the importance of safeguarding personal data, this approach will become more commonplace, with trust and ethics influencing decisions on the processing of customer information.
Written by Ken Mortensen, Data Protection Officer, InterSystems.