7 Questions to Ask Before Creating A Data Compliance Strategy

Posted 6 months ago by Karim Marucchi and Rian Kinney, Esq.

Is Your Company Data Smart?

Pull up the latest tech news, and the top headlines likely involve a massive data breach scandal or talk about the upcoming international privacy regulations. Global data privacy concerns are a hot topic: According to IDC, the digital universe – the data we create and copy annually – is more than doubling every two years, and data bits are projected to reach 44 trillion gigabytes by 2020. For the enterprise, while this unprecedented explosion of data comes with a new world of business opportunities, it also comes with very real risks. As more laws emerge, and as significant fines will be imposed upon companies found to be noncompliant, user privacy and security can no longer remain an afterthought.

Implementing Digital Privacy Updates That Also Bolster Business

To prepare for the massive influx of consumer data collection, storing and sharing, it’s vital to create a strong privacy framework today that keeps user data secure while also advancing your business goals. To do both requires intimate knowledge of your data: how it is collected, where it is stored, and to whom access is granted. Mastering this information will not only help your business avoid hefty monetary penalties and legal recourse, but will also make it possible to leverage your data for increased efficiency and profit.

Because most companies operate off of a website that has been customized or hybridized to some degree, there is no one-size-fits-all approach when it comes to data security and storage.


Factors to Consider Before Creating A Data Compliance Strategy


How is your company currently collecting data?

The ways in which companies collect user information online are now strictly monitored. For example, if you use opt-in forms or cookies that collect personal information on your website, you must ensure there is explicit consent and full transparency surrounding the information gathered. Simply stating that your website uses cookies, or asking for permission with a pre-checked box, will result in a GDPR violation. Bringing your website up to date may require some backend development.
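As an added example (not code from the original post), this is how a site's own script can model the rule above: optional cookies are gated on an affirmative opt-in, a pre-checked box or a notice-only banner never counts as consent, and the consent record keeps the evidence of who agreed to what and when. The function names, field names and sample form submissions are this example's own assumptions.

```javascript
// Optional cookie categories; strictly necessary cookies need no consent.
const OPTIONAL = ["analytics", "marketing"];

// One submitted checkbox: { checkedByDefault, checked, userChanged }.
function isAffirmativeOptIn(box) {
  // A box that arrived pre-checked, or that the user never touched, is not consent.
  if (!box || box.checkedByDefault) return false;
  return box.checked === true && box.userChanged === true;
}

function recordConsent(form, now = Date.now()) {
  const granted = {};
  for (const cat of OPTIONAL) granted[cat] = isAffirmativeOptIn(form[cat]);
  // Keep when, and to which policy text, the user agreed: that is the evidence you will need.
  return { granted, timestamp: now, policyVersion: form.policyVersion || "unknown" };
}

function mayLoad(consent, cat) {
  // Before the banner is answered nothing optional runs; a notice-only banner never grants.
  return Boolean(consent && consent.granted[cat] === true);
}

function buildCookieHeader(consent) {
  // Storing the consent record itself is strictly necessary, so it needs no prior opt-in.
  const value = encodeURIComponent(JSON.stringify(consent));
  return `cookie_consent=${value}; Path=/; Max-Age=${180 * 24 * 3600}; SameSite=Lax; Secure`;
}

// Constructed submissions: the pre-checked form the text warns about, and a real opt-in.
const preCheckedForm = {
  policyVersion: "2018-05",
  analytics: { checkedByDefault: true, checked: true, userChanged: false },
  marketing: { checkedByDefault: true, checked: true, userChanged: false },
};
const explicitForm = {
  policyVersion: "2018-05",
  analytics: { checkedByDefault: false, checked: true, userChanged: true },
  marketing: { checkedByDefault: false, checked: false, userChanged: false },
};

const weak = recordConsent(preCheckedForm, 0);
const good = recordConsent(explicitForm, 0);
// Pre-checked boxes grant nothing; only the category the user actively ticked may load.
console.log(mayLoad(weak, "analytics"), mayLoad(good, "analytics"), mayLoad(good, "marketing")); // false true false
console.log(buildCookieHeader(good));
```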


Who can see your company’s data, and for how long?

GDPR now requires that organizations’ Privacy Policies be updated to fully disclose any parties, including partner companies, that will have access to the user data collected, what the data will be used for, and for how long it will be stored. By law, some data types need to be retained for several years, while other types need to be kept for only a couple of days. When creating your company’s data retention policy, determine which of your company’s data is the most sensitive or important, and prioritize your storage resources accordingly.


Is your company using the appropriate security level for the types of data it collects?

All data is not created equal. The storage strategy your company chooses must align with your data’s business value. For example, how quickly do you need to be able to access the data on a regular basis? Who must be able to access the data? How long will the data need to be stored? How secure does the data need to be? How quickly will you need the data recovered if lost? Each of these answers calls for a different technical implementation, and together they determine the level of storage and protection required.


Where is your company’s data currently stored, and is that storage solution optimized for your business needs?

When contemplating the best storage solution for your business needs, there is more to consider than just storage types (such as an external hard drive versus online storage versus network-attached storage (NAS)). Rather than selecting a single storage strategy for all your data, consider your departments’ individual workloads to choose the right storage strategy for your company’s diverse needs. The smartest solution will most likely offer the flexibility to store data in a variety of places, like on premises, in the cloud, or both. Additionally, companies with remote employees should choose a solution that is optimized for mobile and virtual platforms and that provides a consistent and secure user experience across them.


Can you combine different data types on your company’s data storage platform?

There are three types of data: Structured data, which includes clearly defined, easily searchable data types (like phone numbers, ZIP codes and Social Security numbers), and usually resides in a relational database or data warehouse; unstructured data, which is less easily searchable (like audio, mobile data and social media postings), and usually resides in applications, NoSQL databases and data lakes; and semi-structured data, which separates data elements to allow for information grouping and hierarchy (like emails). Most modern companies deal with more than just one data type on a day-to-day basis.

So, when considering a data management platform for your business, the one you choose should be able to easily combine different data types from various systems, like transactional systems and email servers, without wasting a significant amount of time and money on data modeling efforts.


What is your emergency plan if your data is lost or compromised?

Your company’s data must be secure both physically and virtually. That means encrypting your data from the beginning so that it cannot be read if it is stolen or otherwise inappropriately accessed. As an extra step, encrypted backups can be stored at an off-site location in case of a natural disaster or other emergency. But a backup only helps if you can actually restore from it: if you can’t recover your data to begin with, no number of backups is going to make it appear. Identify your organization’s backup method early and test it often, making sure to include disaster recovery testing and auditing of your data pools. In case of a personal data breach, GDPR mandates that organizations report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.


Do you understand your company’s compliance needs from a legal and ethical standpoint?

All companies are now held accountable for their own data compliance, and this is especially true for large corporations that are publicly traded or in highly regulated industries like air transportation or pharmaceutical manufacturing. Knowing the specific privacy rules and regulations of your industry is critical to maintaining data compliance. If you outsource your data storage and management to a managed service provider, be sure to thoroughly check that provider’s track record and credentials to ensure they can handle your business’ unique data compliance and security needs. Knowing your industry’s privacy laws, or consulting with the experts who do, can prevent your business from facing fines and penalties.

Taking Action To Keep Your Data Secure

Getting your website up to date with new and existing data privacy rules and regulations can seem complicated. First and foremost, we must remember why these parameters have been created in the first place: to create a more secure internet, and to protect the privacy of users worldwide, including you. To us, that alone is reason to comply.

We’ve recently launched Data Compliance Consulting, a comprehensive new service that combines the technical expertise of our coding experts and website architects with the legal knowledge of a qualified Data Privacy Officer. Through a fourfold approach including assessment, reporting, implementation and monitoring, we will bring your website up to speed with the latest rules and regulations surrounding the personal and private information collected online. Contact Crowd Favorite today to plan your company’s Data Compliance strategy, and avoid fines and penalties later.

Who is Crowd Favorite?

Crowd Favorite builds high-end digital solutions for medium- and enterprise-level companies around the world, with particular expertise in digital design, web development, mobile development, and systems integration. Past clients include Walmart, Sony, Yahoo, Miramax, National Geographic, Nike, BMW, Microsoft, and many others.