For companies, the epidemic has accelerated the digital transformation at an unimaginable speed. Companies have rapidly adopted services like contactless payments, click-and-collect applications, enhanced customer relationship management, remote meetings. These are vital for businesses to continue but it leads to new risks. There are potential privacy issues that would prove damaging if mismanaged.
Companies with expertise in real-world setup are rushing to digital setup where they are novices and pumping huge amounts of user data into new systems. These changes carry the risk of personal data being mismanaged and vulnerable to exposure.
There are two major challenges that companies face today - they need to make quick decisions on procuring new technologies and they lack the experience with the data processing infrastructure. There could be a temptation to treat privacy concerns as secondary but that would be a mistake and may lead to companies facing the risk of lawsuits, fines, etc.
This need not be a difficult task if you take a few, simple steps to minimize the risk of a security breach. Consider implementing these privacy focussed measures.
Be mindful of how your vendors and partners use customer data:
When reviewing DPA(Data processing Agreements) with the vendors ensure they ard privacy complaint and that their data policies align with your stated data policies as the company would be held liable for failure to perform due diligence on third parties that process customer data.
Also, ensure that the vendors would not subcontract unless explicitly instructed by you.
When processing data, perform impact assessments to monitor risk:
Implement basic risk assessments for data activities like data storage, subcontracting, etc., Also maintain a paper trail of the proactive steps taken to mitigate risks.
Strive for clarity in your privacy policies:
Check your privacy policy document to ensure that it is read and understood by all of your customers, not just the legal department. Your priority should be to help your customers understand your policy and trust your company.
Designate a Data Protection Officer(DPO)
It is better to centralize responsibility for data decisions is better than across multiple departments. By having a DPO, you have a single person for privacy concerns in an organization and a vital liaison for regulatory authorities. Even if the person lacks privacy experience, having a single source to focus on privacy is a quick, conscious way to derisk.
Managing rapid digital transformation can require taking risky action. This can be reduced to a large extent by following simple, process-driven steps to shore up privacy. neglecting this aspect can have serious implications for the company.
Have Your Privacy Policies Kept Up with Your Digital Transformation?
by Cillian Kieran HBR June 29, 2020
Comments
Post a Comment