Research: The Key Ingredient to a Successful Privacy Program
Your organization worked hard to complete compliance activities for the GDPR leading up to the May 25, 2018 deadline. However, we all know that May 25 was not a project completion date – it was actually the start date – to be able to demonstrate GDPR compliance on an ongoing basis.
With European Data Protection Authorities (DPAs) continuing to add nuances to their enforcement of the GDPR as well as new privacy laws such as California Consumer Protection Act (CCPA) and Brazil’s General Data Protection Law (LGPD) on the horizon, privacy professionals are faced with increasing challenges to continually demonstrate compliance across a myriad of changing and increasing global legislation.
We often talk about taking an accountability approach to privacy management as the key to achieving, maintaining, and demonstrating ongoing compliance. Underlying the accountability approach though, is a key ingredient, core to the success of any privacy management program: compliance knowledge through research.
As laws are implemented, amended, and challenged, on a seemingly daily basis, privacy knowledge software becomes fundamental; providing the necessary information to understand privacy obligations either on-demand (in the form of a searchable database), or proactively (in the form of alerts, reports, or push knowledge). Privacy knowledge software equips the privacy office with the tools to advise on compliance with up-to-date references and a thorough understanding of legal requirements.
Trying to do this manually, without the use of privacy knowledge software, is a painful and time-consuming process. To compound the issue, the moment the analysis is put together it is in danger of being out of date.
The key to privacy knowledge software is the ability to help an organization minimize the time to compliance by providing the depth and breadth of knowledge to keep up with the pace of change. This is a tall order for a privacy or legal team and the last thing they need is to waste valuable time conducting due diligence on research that is supposed to be current. Core to this objective of minimizing the time to comply is an organization’s ability to trust in the accuracy of the information. This requires privacy professionals to be able to:
- Understand compliance with access to both current and historical information, with the ability to summarize analyses of all authority documents that would impact compliance, including regulator decisions, guidelines, and court documents.
- Read and analyze laws according to specific requirements, based on existing research, and identify requirements in law.
- Stay informed and be responsible for compiling all the key developments in privacy compliance, including regulator decisions, regulator guidelines, court cases, bills, and legislative changes.
- Inform stakeholders about compliance responsibilities on an ongoing basis and respond quickly to requests from the business.
Trust in the information being provided in order to be efficient and responsive to the business was critical to our customer Northern Trust when they evaluated numerous privacy research and compliance solutions to streamline their research efforts before selecting Nymity. Jennifer Schack, Senior Vice President, Global Head of Privacy & Compliance at Northern Trust cited Nymity’s ability to give on-demand access to the most current developments in privacy law as well as insights into how those laws compare across jurisdictions. Read more about how Northern Trust uses Nymity’s Research & Alerts™ and Law Comparisons™ solutions here.
When evaluating a solution for privacy knowledge software, we recommend considering three elements:
- Number of references. Does the solution provide the depth and breadth of references in the solution to ensure there are no knowledge gaps?
- Geographical depth. Does the solution provide truly global research coverage or is it stronger in certain jurisdictions and weaker in others?
- Currency of information. Is the solution up to date and can you trust the information?
Nymity’s Research & Alerts™ is designed to help privacy offices reduce the time to privacy compliance and leverages over 17 years of deep privacy compliance analysis created by Nymity’s privacy and data protection experts. We have built-in expert research analysis, sophisticated alerting technology and advanced push reporting functionality, making it easy to capture compliance developments and requirements, report to stakeholders and help reduce privacy risk. We generate powerful Rules tables, maps, and lists empowering the privacy office to identify and compare legal obligations across multiple jurisdictions in minutes enabling them to be efficient and responsive to the business.
We have a number of resources to help companies stay on top of changes privacy legislation globally. Most recently, we conducted our quarterly webinar on the latest developments on national laws within the GDPR.