To avoid these issues, organizations are increasingly outsourcing their DPOs. Our Data Protection Officer as a Service (DPOaaS) provides companies access to independent privacy consultants who will monitor your compliance, conduct audits and represent your organization to data subjects and regulators.
Another hot topic during the event was, unsurprisingly, the introduction of CCPA. With implications similar to those of GDPR, CCPA will radically transform how businesses across the USA and beyond handle Californians’ personal data. Yet despite having well over a year to prepare for its arrival on the 1st of January 2020, many businesses are falling short.
Seemingly, this is mainly because of a lack of understanding or awareness of the status of the Californian privacy law itself. Organizations are struggling to come to terms with its nuances and requirements, such as data consent, opt-ins/outs and consumer access requests.
And whilst businesses play catch-up, another stream of conversation that followed was “what’s next?” Privacy does not stop with the GDPR and CCPA, and with proposed privacy laws from many more US states and countries, what will the next new round of obligations look like? And how will businesses prepare?
Bridging the gap between privacy professionals and Infosecurity
A subject that many privacy professionals can relate to – being able to understand and be understood by IT and Infosec teams.
As privacy laws evolve, they are driving an ever-increasing technical agenda. For example, GDPR’s Privacy by Design requirements are not an issue of legislation, but of technical oversight. Performing these obligations therefore naturally requires privacy professionals and their counterparts in technology and security to co-operate.
Unfortunately, the two sides tend to speak different languages. Some words have completely different meanings on either side of the fence. For example, to a privacy professional, the word “ensure” implies a guarantee that a certain action will be taken, but the same word to a security professional means that there will be vague oversight of a situation. These are far from the same thing! Unsurprisingly, the split lexicon of the two teams can lead to misunderstandings that have substantial commercial and reputational impacts on the business.
Calligo’s Jennifer Wu, Privacy Consultant, even presented on this topic on the Little Big Stage during PSR. Jennifer highlighted the common mistakes both sides are making and how they are hindering Privacy by Design. She also made recommendations on how to avoid these issues, and how Privacy teams and IT / Infosec teams need to build a better working relationship, which depends on speaking the same language.
If you missed Jennifer’s presentation or would like to discover how to understand or be understood by your CISO and CIO, our ebook “The Privacy Rosetta Stone” provides real-life case studies on three businesses who encountered this language barrier, the impacts it had on their businesses, and how they fixed the problem. It also includes top tips on how to identify a good and bad Privacy and Technical relationship and how to create your own Rosetta Stone.