How organizations can ensure data is securely held and responsibly collected as consumers reclaim power over their data
In 2019, most companies would agree that they have vast amounts of information about consumers at their fingertips. From storing cookies on websites to tracking consumer locations, organizations are collecting and storing huge quantities of data every day. Recent regulations in Europe (GDPR) and regulations soon to be implemented in California show the beginning of a journey for consumers to reclaim power over their data. But there is still more to be done within organizations to ensure data is securely held and responsibly collected. Here are five ways organizations can be data-smart:
1. Respect the Human Behind the Data
When collecting personal data, organizations should remember that the data reflects real people. Decision-makers should consider how they would want their own data to be treated by an organization and apply these thoughts to the company’s processing activities.
It’s easy for organizations to forget that the personal data belongs to the data subject, not the company that collected it. As an organization, your accountability for the personal data you collect extends to ensuring that personal data is protected from unauthorized access or disclosure without the clear and informed permission of data subjects. Unauthorized use of data could have a terrible impact on the data subject if it were to be made public or abused by individuals with ill intentions.
2. Invest in the Right Data Management Resources (Even if They’re External)
Processing personal data may unleash an organization’s potential, but that data should be treated as an important asset to protect whenever it’s used. It’s important to invest in both human and technical resources that allow you to manage your data flows accordingly. This means training your operational teams and investing in cybersecurity.
Organizations should carefully curate the tools and methods used when processing personal data and should pick tools that ensure they are embedding concepts like privacy by design and by default into processing activities. The tools themselves should help fulfil promises to data subjects (as well as legal obligations).
Investing in independent data protection and privacy expertise is another way to effectively and safely process data. Both SMEs and large multinationals should make sure that the decisions they make about personal data are consistent with fast-developing practice and are informed by an external viewpoint that isn’t driven by profit considerations.
3. Be Transparent
Organizations must be transparent with the people they collect data from about what they are collecting and what they intend to do with it (including with whom it is going to be shared, in what form and under what conditions). The company’s intentions should be made clear to everyone, regardless of age or technical competence.
This has to include the plans for current data usage as well as plans for the future. Data subjects don’t like to discover a change in purpose made without their knowledge. Organizations should think not just about how they plan to use personal data today but how they intend to use personal data in the future. These plans should be communicated to build trust with those who provide their data to an organization.
4. Don’t Be a Hoarder
We’ve all heard the benefits of decluttering our personal lives and homes, and organizations should take the same anti-hoarding attitude toward their data. Having an unusable lake of outdated personal data only increases the risk of leaks and consequent fines that can bring down organizations. You should only collect the necessary data and limit the collection of personal data to what is relevant for the project.
5. Know Your Data Flows
Organizations are accountable for the data they are processing and using. Not knowing the source of data or the conditions under which they can access it is not an acceptable excuse to avoid responsibility for data breaches. Therefore, organizations should be aware of all the data coming in and data going out of the organization across all teams.
Many organizations only need to make small changes to make sure they are data-smart. When consumers are putting their trust in organizations to handle their information safely, companies simply can’t afford not to make those amendments to ensure it’s secure.