How organizations can ensure data is securely held and responsibly collected as consumers reclaim power over their data
In 2019, most companies would agree that they have vast amounts of information about consumers at their fingertips. From storing cookies on websites to tracking consumer locations, organizations are collecting and storing huge quantities of data every day. Recent regulations in Europe (GDPR) and those soon to be implemented in California show the beginning of a journey for consumers to reclaim power over their data. But there is still more to be done within organizations to ensure data is securely held and responsibly collected.
Here are five ways organizations can be data-smart.
1. Respect the Human Behind the Data
When collecting personal data, organizations should remember that the data reflects real people. Decision-makers should consider how they would want their own data to be treated by an organization and apply these thoughts to the company’s processing activities.
It’s easy for organizations to forget that personal data belongs to the data subject, not the company that collected it. As an organization, your accountability for the personal data you collect extends to ensuring that it is protected from unauthorized access or disclosure without the clear and informed permission of data subjects. Unauthorized use of data could have a terrible impact on the data subject if it were to be made public or abused by individuals with ill intentions.
2. Invest in the Right Data Management Resources (Even if They’re External)
The processing of personal data may unleash an organization’s potential, but it should be considered an important asset to protect whenever it’s used. It’s important to invest in both human and technical resources that allow you to manage your dataflows accordingly. This means training your operational teams and investing in cybersecurity.
Organizations should carefully curate the tools and methods used when processing personal data and should pick tools that ensure they are embedding concepts like privacy by design and by default into processing activities. The tools themselves should help fulfill promises to data subjects (as well as legal obligations).
Investing in independent data protection and privacy expertise is another way to effectively and safely process data. Both SMEs and large multinationals should make sure that the decisions they are making about personal data are consistent with the fast-developing practice and receive an external viewpoint that isn’t driven by profit considerations.
The processing of personal data may unleash an organization’s potential, but it should be considered an important asset to protect whenever it’s used.
3. Be Transparent
Organizations must be transparent about the data they are collecting and what they intend to do with it (including with whom it is going to be shared, in what form and under what conditions) with the people they are collecting it from. The company’s intentions should be made clear to everyone, regardless of age or technical competence.
This must include the plans for current data usage as well as those for the future. Data subjects don’t like to discover a change in purpose operated without their knowledge. Organizations should think not just about how they plan to use personal data today, but how they intend to use it in the future. These plans should be communicated to build trust with those who provide their data to an organization.
4. Don’t Be a Hoarder
We’ve all heard the benefits of decluttering our personal lives and homes, but organizations should apply these same anti-hoarding attitudes toward their data. Having an unusable lake of outdated personal data only increases the risk of leaks and consequent fines that can bring down organizations. You should only collect necessary data and limit the collection of personal data to those relevant for the project.
5. Know Your Data Flows
Organizations are accountable for the data they are processing and using. Not knowing the source of data or the conditions under which they can access it is not an acceptable excuse to avoid the responsibility of data breaches. Therefore, organizations should be aware of all data coming in and going out of the organization across all teams.
Many organizations only need to make small changes to ensure they are data-smart. When consumers are putting their trust in organizations to handle their information safely, companies can’t afford not to secure consumer data.
Finn Raben is director general of ESOMAR. He has spent most of his career in market research, previously working at Millward Brown IMS in Dublin, Nielsen, TNS and Synovate. Raben serves as an external examiner at the International School of Management in Avans University in the Netherlands.