Hear from Dr. Ann Cavoukian, world-renowned privacy expert, and Ivan Tsarynny, CEO and Co-founder of Feroot Privacy, and learn how you can make privacy a collective effort across your entire organization and an integral part of product, operations, sales and marketing.
You will learn:
- How to create a business case for privacy that's benefits-focused and persuasive
- Best practices for giving customers more control over their data by integrating privacy with marketing & sales
- New ways of streamlining processes and bridging data across departments
- Strategies for creating a culture of privacy and a win-win business outcome
- Frequently asked questions (and answers!)
EXPERT WEBINAR: Integrate Privacy into Business & Product, with Dr. Ann Cavoukian
1. 5 Ways to Integrate Privacy into
Your Business Strategy & Product
| EXPERT WEBINAR SERIES
Ivan Tsarynny
Founder & CEO of Feroot
Dr. Ann Cavoukian
the Privacy by Design
Centre of Excellence
Wednesday, Dec. 5th, 2:00 PM (ET)
3. Optimize your Webinar Experience
Raise Your Hand if…
Can’t You Hear?
Having Trouble?
Chat your thoughts or
questions
Ask Questions,
See Answers!
4. Part 1
● The Foundational Principles of Privacy by Design
● Building the Business Case for Privacy
● 5 Ways to Minimize Risk
● Integrating Privacy into Marketing
Part 2
● Integrating Privacy into Operations
Part 3
● Your #1 Top Challenges & FAQs
Agenda for today
5. Dr. Ann Cavoukian, PhD
3-term Information and Privacy
Commissioner of Ontario, currently leading
the Privacy by Design Centre of Excellence
at Ryerson University.
Featured Presenters
Ivan Tsarynny
Founder & CEO of Feroot, Member of
GDPR Advisory Committee at Standard
Council of Canada
11. Privacy is Essential to Freedom
A Necessary Condition for Societal Prosperity
and Well-Being
● Innovation, creativity, and the resultant prosperity of a society requires
freedom;
● Privacy is the essence of freedom: Without privacy, individual human
rights, property rights and civil liberties – the conceptual engines of
innovation and creativity, could not exist in a meaningful manner;
● Surveillance is the antithesis of privacy: A negative consequence of
surveillance is the usurpation of a person’s limited cognitive bandwidth,
away from innovation and creativity.
13. Adoption of “Privacy by Design” as an
International Standard
Full Article:
http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
14. The majority of privacy
breaches remain
unchallenged,
unregulated ...
unknown
Regulatory compliance alone, is unsustainable as the sole
model for ensuring the future of privacy
Most privacy breaches remain
undetected – as regulators, we only
see the tip of the iceberg
34. First “Privacy Marketplace”
International Consumer Electronics Show, Las Vegas
“ Privacy is a hot issue right now. It’s on everyone’s
radar … Consumers asking about privacy – that was
the big takeaway. These companies in the privacy
marketplace, in large part aren’t advocates. They’re
entrepreneurs looking to capitalize on market
opportunity. They expect a larger privacy
marketplace next year and for brands to
incorporate “privacy” into their marketing…
Anyone, everyone, can understand the need for
privacy.”
Victor Cocchia
CEO, Vysk
Speaking at CES: Jan, 2015
37. Pew Research Internet Project
• 75 percent will not buy a product from a company — no
matter how great the products are — if they don’t trust
the company to protect their data
2018
2014
38. The Online “Privacy Lie” Is Unraveling
Joseph Turow and Michael Hennessy, University of Pennsylvania
Nora Draper, University of New Hampshire
Source: TechCrunch
http://techcrunch.com/2015/06/06/the-online-privacy-lie-is-unraveling/
39. 2014 Survey of Canadians on Privacy
Office of the Privacy Commissioner of Canada
40. Trends and Challenges: Consumer Confidence
People choose to give their business to firms with good
“data hygiene” – new evidence suggests that consumers
are seeking out companies that will protect their privacy.
41. Customers Value Privacy
75 per cent will not buy
a product from a
company — no matter
how great the products
are — if they don’t trust
the company to
protect their data
Source: 2018 IBM, Harris Poll
42. Evaluating a company’s privacy practices is now
part of his firm’s due diligence, especially when
companies are storing customer data in cloud
services.
Steve Herrod of the VC firm,
General Catalyst,
IAPP, The Privacy Advisor
Privacy Accelerates Sales & Investments
43. 1. Accelerate Buying & Sales Cycles
2. Grow Customer Loyalty and Trust
3. Reduce Privacy Compliance Costs
4. Mitigate Penalties
5. Future-proof Your Defensibility and
reduce Litigations and Enforcements
with Strong Proof of Records
The Business Case for Privacy
47. Only
4% of breaches were “Secure Breaches” -
where encryption was used and the stolen
data was rendered useless
48. $3.8 Million
Global Average Total Cost of a Breach
(Ponemon Institute – “The 2018 Cost of a Data Breach Study”)
49. ● Data breaches are up 75% in two years, finds a report
from the Information Commissioner (ICO)
● 52% of breaches are due to employee negligence and
failed business processes
● 77% of respondents still lack a formal
cybersecurity incident response plan (CSIRP) that is
applied consistently across the organization, a figure
that is largely unchanged from the previous year’s
study.
(Ponemon Institute, 2018)
Data Breaches
54. Boards really want to understand the
operational risk to their company, along
with the plans for how one wants to
handle risk and reduce the impact.
67. “By adopting a privacy-by-design
mentality, we can begin to transform
ideas like these into best practices
that have long-term benefits for both
consumers and brands.
Let's lead the way.”
Privacy and Marketing
69. Key Takeaways from CMA Talk
❏ Evolve from fine print to more transparent disclosure strategies.
❏ Make privacy a positive part of the brand experience.
❏ Increase consumer trust right out of the gates. Privacy can be
your competitive advantage.
❏ Be deliberate and proactive: lead with Privacy by Design rather
than privacy by chance.
❏ Privacy is good for business!
72. Privacy by Design: The Global Privacy Framework
Dr. Cavoukian is offering
the definitive
Privacy by Design Online
Course at Ryerson
University
Should you wish to sign up for 2019 registration list, visit:
https://www.ryerson.ca/pbdce/privacy-by-design-chang-school-course/
84. Data Mapping
What Do We Have?
• Assessment
• Data Processing
• Data Inventory
• Data Mapping
[Diagram: Consumer Data, Databases, Processors]
85. Data Inventory Management
(aka The Data map)
Today:
• Static
• Manual
• Error-prone
Dynamic Data Inventory
Management:
• Easy
• Automated
• Accurate
• Always-Up-to-Date
Global Application Catalog
1. Comprehensive
metadata registry
2. Centrally-managed
applications
3. Unified privacy
document
management
90. PrivacyOps: Let’s Review the Concepts
User-Centric
Individuals can intuitively and
easily exercise their rights via
an up-to-date user-centric
experience, and be assured
that their rights are respected.
Access Controls
Privacy and Access controls
are part of technology
solutions.
Automated
Fulfilling privacy and access
obligations is a routine and
automated activity.
Proof & Record Keeping
Organizations are always prepared
to demonstrate proof of privacy and
access compliance
Predict & Detect
Privacy and Access controls
systems detect, predict, and
report non-compliant events.
Intra-Organizational
Privacy and Access natively
operates across all
departmental and intra-organizational boundaries
without data and information
silos.
93. About Feroot
Feroot is a PrivacyOps platform that helps operationalize
privacy management across all departments and data silos.
It helps organizations move from static data flow maps into a
dynamic, continually updated, and accurate data registry.
95. Challenge #1 : Awareness across your organization
1. How do you get privacy awareness in all areas of
the business? Especially Execs, Developers & Data
Scientists?
2. What is the best practice to make sure everyone
receives the right privacy training?
3. How do you ensure all staff know the rules &
integrate privacy into their work habits?
96. Challenge #2 : Managing Decentralized Risks
How do you improve visibility into controls across IT
services and third-party vendors?
97. Challenge #3 : Competing Priorities, Getting Buy-in
1. How do you overcome cross-functional
challenges of competing priorities?
2. How do you balance what can be done with what
end users will actually adopt?
3. How do you get buy-in when there is next to no
budget for education and certifications?
Hi everyone, and welcome to Feroot’s Expert Webinar Series.
In today’s webinar we are very excited to have Dr. Ann Cavoukian with us and we will be discussing how to Integrate Privacy into your Business Strategy & Product.
Thank you for joining!
Before we get started, I’d like to introduce myself – my name is Lori Smith, I’m the webinar host today, you’ll be hearing me throughout.
And on technical support and managing our chat and Q&A is Sandra Feng.
If you do have any questions, sound issues, or just want to say a friendly hello, we encourage you to use the bar along the bottom of your screen to chat with us.
Let’s test it out now, raise your hand if you can hear me okay?
Raise your hand if any of you attended the Smart Technology Summit we hosted with Ann and others this September?
Our agenda today is really ambitious, so get comfortable, settle in and be prepared to learn a lot.
And we really hope you can all stay till the end of the webinar, because, we’ve taken all your challenges that you shared with us in registration, and turned those into 3 key themes, that Ann and Ivan will address specifically.
And if we don’t have time for Q&A in the webinar, we do still encourage you to ask questions in the chat box, and we’ll follow up with you individually after the webinar.
Now, I am pleased to introduce our featured presenters.
We are honored to have Dr. Ann Cavoukian with us today. Dr. Cavoukian is recognized as one of the world’s leading privacy experts and served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. It was there that Ann created Privacy by Design, which has since been recognized as an international standard and translated into 40 different languages across the world. Presently, Ann is the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. She is also the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust” and “Who Knows: Safeguarding Your Privacy in a Networked World”.
Joining Ann on today’s webinar is our very own Ivan Tsarynny. For the last few years, Ivan has centered his path on helping companies turn privacy compliance from a liability into a competitive advantage. He is a member of the GDPR Advisory Committee at the Standard Council of Canada, where he is dedicated to helping companies and organizations build a cohesive standard for privacy management. Ivan is also a serial entrepreneur and is currently the CEO and Co-founder of Feroot Privacy, an Enterprise Privacy-as-a-Service Software Platform.
Welcome Ann and Ivan! [Say Hello]
Ann, I’m now going to hand over the controls to you.
Add 2018 Stat.
Potentially remove this slide?
Ivan Transition:
Steve Herrod of the VC firm, General Catalyst, told The Privacy Advisor that evaluating a company’s privacy practices is now part of his firm’s due diligence, especially when companies are storing customer data in cloud services.
Find the Reference link.
Look for 2018 stats
update stats or take out
talk about employee negligence - how to prevent this.
# of Data Breaches: https://www.kroll.com/en-us/intelligence-center/press-releases/data-breach-reports-to-information-commissioner
Ponemon: Cost of a Data Breach
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=55017055USEN
Source 77%: https://www.ibm.com/account/reg/us-en/signup?formid=urx-32352&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&cm_mc_uid=91526739692115438007052&cm_mc_sid_50200000=30046091543800705248&cm_mc_sid_52640000=57289621543800705265
Update stats or take out
Show most recent one with Marriott
FAQ here: how do you implement these.
Thank you so much Ann! Great information. Again, if you have questions, please throw them into the chat box or Q&A, we’ll do our best to answer them.
Now I’d like to introduce Ivan Tsarynny, who is going to show us in the next 10-15 minutes how to integrate privacy into your product and operations.
Click to next slide.
Ivan, take it away. Click to
In many organisations, business, operations, legal, and IT tend to work in isolation. This is especially true of transformation, privacy, and IT-based projects, wherein the business quickly defines requirements, then throws them “over the wall” to operations or cross-functional teams. These teams implement the requirement, only to find unanticipated roadblocks.
Your answers to our challenges also indicate similar results
Privacy is not getting integrated across the organization.
It’s important, but usually off on its own
Coming in at the eleventh hour or as an afterthought.
Increases chances of risk!
In the Data Driven age – Privacy needs to work throughout the full data lifecycle in Marketing, Sales, Customer Service, HR, Finance and other organizational boundaries to drive growth.
We call this Privacy Operations.
Why is alignment so important? In many organisations, business, operations, legal, and IT tend to work in isolation. This is especially true of transformation, privacy, and IT-based projects, wherein the business quickly defines requirements, then throws them “over the wall” to operations or cross-functional teams. These teams implement the requirement, only to find unanticipated roadblocks. This is one of the most common examples of lack of alignment. For successful programs, the path to ROI is secured with a real partnership across all of the stakeholders from business to legal, privacy, marketing, sales, HR, and IT departments working together towards a common goal. This goal and vision should be discussed, agreed and clearly documented.
Image Source: http://www.virtual.co.nz/index.php?n=Insights.TheCurseOfSilosSlownessAndSmall-ThinkingInLargeMatureOrganisations
Customer data comes with responsibility.
There are numerous regulations governing privacy in the world, including GDPR, PIPEDA, DPA, HIPAA, PIPA, CCPA.
While compliance with these laws is clearly one of the drivers of Privacy Management Programs, it is only the baseline for our approach to privacy.
Today’s privacy operating model was conceived during the era of fax machines and was continually updated with new requirements from the onset of transformation into the digital economy.
As a result of this, ongoing management of privacy obligations became very complex.
Many stakeholder touch-points must be routinely coordinated in order to process requests effectively and to be documented for compliance and legal purposes.
Although most large companies have spent hundreds of thousands, if not millions, of dollars preparing for GDPR and other privacy regulations, our study found that most organizations are not yet ready to manage their processes effectively or efficiently and, as such, they leave themselves at risk of non-compliance.
After interviewing many data privacy, governance, access rights, cybersecurity, IT operations, enterprise planning, marketing, sales, and customer success experts across a wide variety of industries, we used this data to create the definitive Privacy Operations framework – PrivacyOps.
PrivacyOps is a new department that manages the full cycle of data operations across customer, employee, and back-office lifecycles.
PrivacyOps leaders provide key stakeholders (customers, employees, and partners) the means—through an automated, user-centric, and always up-to-date experience—to intuitively, easily and respectfully exercise their privacy and data access rights.
It will help you stay on top of risks in a decentralized environment
PrivacyOps creates benefits for the marketing, sales, customer services, HR, finance and other business areas, because PrivacyOps aligns a company around customer data.
When applied effectively, this can lead to dramatically improved critical business metrics, including conversion rates, referrals, customer retention, and revenues.
And have a compounding effect on every part of your business, from the efficiency of managing sensitive data to lowering risks of breaches, penalties and litigations, and increasing customer loyalty.
Update image: Marketing, Sales, Service Delivery, Customer Retention, Operations (Back-office)
PrivacyOps has one primary objective: transform an organization’s privacy perspective away from risk avoidance and towards opportunity-seeking and competitive differentiation.
Culture and Stakeholder
Alignment
Step 1 – Align Your Team around Documented Privacy Goals
No stakeholder alignment = no results.
For successful programs, the path to ROI is secured with a real partnership across all of the stakeholders from business to legal, privacy, marketing, sales, HR, and IT departments working together towards a common goal. This goal and vision should be discussed, agreed and clearly documented.
Action: One vision
The first step is to engage and include all the relevant stakeholders and have full participation and alignment across all stakeholder groups.
This vision should be articulated within commonly accepted business terms that are already part of your established culture and business practice.
3 steps to getting your stakeholders aligned
1. Identify your stakeholders.
First, make a list of the stakeholders for your project. Be specific - find out precise names and titles.
We categorize using these seven types:
The Sponsor: This is the person with real skin in the game, they will either get the recognition or take the fall.
Financial decision-makers: These are the people who decide whether your project gets funded.
Strategic decision-makers: These are the people who have a problem that your project is expected to solve.
Mobilizers and Champions: These are the people you can count on for moving things forward to evangelize the importance of the project.
Blockers: These people don’t have official power, but they can intentionally or unintentionally stop the project in its tracks.
Influencers: These people have valuable opinions and insight to consider.
Doers or Implementers: These are the people who execute parts of or the entire project. They have very specific knowledge, action items, and are accountable for deliverables.
2. Get them involved.
Alignment is about getting stakeholders to participate, support, and execute the project. They should feel invested and committed. Proper communication is critical to ensure all stakeholders are involved in an engaged and supportive way. Everyone needs to be aware of your project objectives and updated on project progress. Some stakeholders will be more involved than others, but don’t underestimate the value and importance of stakeholders with less participation.
3. Objections are needs or concerns in disguise.
Nurture communication and understanding between stakeholders to avoid surprise roadblocks later. Keep in mind that needs are likely changing as the project progresses. The more you know about stakeholders’ concerns, the better you can address them. Regularly pause, re-assess, and align.
What Do You Have?
Step 2 – Data Mapping
As Ann mentioned, data mapping is the first critical element in an organization’s privacy compliance process and will also greatly reduce risks associated with unauthorized personal information handling.
A successful data mapping exercise will help an organization answer these questions with confidence and will provide customers with the information that they expect concerning their personal data and its usage.
Complete and maintain an accurate Data Processing Map.
Review agreements with all vendors to cover all GDPR applicable articles.
Compile and maintain an inventory of vendors.
Implement a programmatic approach to managing vendor data-chain.
Implement technologies to support vendor audits and SAR fulfillment compliance.
Include vendor escalation processes and embed remediation plans.
Step 4 – What do Consent and Information Notices,
Disclosures, and Controls mean in the context of GDPR?
GDPR states that Consent must be freely given, specific, informed and unambiguous.
You should always get advice from your legal counsel.
Recommended action: Collect consent and maintain proof of collected consent unless you are relying on data processing being done under other lawful purposes.
Step 4 – GDPR Requires Changes to how your Products and Services function
Key requirements
Legally valid for processing data
Identify each third party and their usage of personal data
Retain records
Ability for users to revoke consent
Obtaining Consent
Give customers the choice and the ability to give consent and revoke consent as easily as they gave it
Managing Consent
Respect your customer’s choice and manage data restrictions downstream to third parties
Collecting Data
Tell users the intent of data collection and what data you will collect
Processing Data
Process Data in a way that is consistent with user privacy expectations
Plain language notices
Clear retention and deletion policies
User controls for retention and deletion
Limit data processing based on the intended purpose
Third country and third party sub-processor disclosure
Breach notification readiness
Audit readiness
This is not enough
Full Transparency upon consent collection
Traditional Customer Experience
Use Amity or Citada
Here’s what a mature vendor would look like.
Step 5 – Third-Party Sub-Processor Vendor Management
Every data controller should review how it handles data and its relationship with its providers, how data processors manage their own vendors/processors, and how GDPR subject rights will be enforced across the entire data processing chain.
How can third-party vendors (processors) support data controllers in responding to SARs?
In many cases, the initial contact from the subject comes directly to the controller or the data processor. However, the data processor is not responsible for responding to the SAR by default.
Action: Initiate SAR fulfilment and record keeping processes.
Data controllers and data processors need to prepare to handle SARs in a coordinated and prepared manner.
At the start of the data collection, data processors should provide clear information notices that will inform the subject of their rights under GDPR.
Organizations should be able to provide confirmation as to purpose, location, extent, duration of data processing, and confirmation of the data retention period.
The data processor should manage personal data in a way to ensure that information can be identified quickly and easily.
The data controller and processor should establish an approach to respond to any SAR easily and preferably in an automated fashion.
Training of all staff on how a SAR process is done. FAQ section on the processor’s website relating to SARs. A self-serve portal for SARs.
Agreement between the data controller and processors. This includes contractual provisions with the data controller on how SARs are to be handled, and immediate communication from data controller to processors to inform them of the SAR, to fulfill the request and keep auditable records of all steps.
Privacy and Access controls systems detect, predict, and report non-compliant events; they operate across all departmental and intra-organizational boundaries; and they are always prepared to demonstrate proof of privacy and access compliance.
Individuals can intuitively and easily exercise their rights via an up-to-date user-centric experience, and be assured that their rights are respected.
Privacy and Access controls are part of technology solutions.
Fulfilling privacy and access obligations is a routine and automated activity.
Privacy and Access controls systems detect, predict, and report non-compliant events.
Privacy and Access natively operates across all departmental and intra-organizational boundaries without data and information silos.
Organizations are always prepared to demonstrate proof of privacy and access compliance.
PrivacyOps is a new organizational model that increases competitive advantage and regulatory compliance through measurable improvements of operational effectiveness and efficiency across information and data lifecycles.
PrivacyOps unifies the key silos of privacy and access management across the information silos such as customer information, medical records, employee data, back-office operations, and other organizational silos.
PrivacyOps unifies privacy operations across all functional areas, freeing them up to focus on their immediate key business objectives.
PrivacyOps unifies privacy and access operations and transforms it into a smoothly operating machine.
PrivacyOps provides harmonization, simplification, alignment, and focus that will provide privacy compliance and ultimately a competitive advantage by increasing customer trust; and helps increase core metrics like conversion rates, referrals, customer retention, and revenues.
1 - Harmonization and Alignment
PrivacyOps aligns departments and their stakeholders. This ensures privacy initiatives have a measurable business impact. When an organization is aligned, it generates more revenue at a reduced cost, and brings new data-driven products to the market.
2 – Customer-focused Product and Service Changes
GDPR and other privacy regulations require changes to policies, operations, and products, not just for compliance reasons but also to foster user trust. The PrivacyOps framework enables organizations to operationalize privacy effectively, achieve proper consent management, maintain accurate data inventorization, and augment user transparency and privacy controls.
3 - Removing Overhead Helps Focus Operations on the Key Objectives
PrivacyOps assumes the operational and technical privacy overhead, which allows marketing, sales, customer service, HR, and other departments to focus on their core goals, objectives, and KPIs.
4 - Planning and Operations
PrivacyOps helps to identify and remove roadblocks. It works with the concept of accountability, careful planning, and the implementation of privacy operational controls across the full data lifecycle flow and across departmental, organizational, franchise and other enterprise boundaries.
These benefits transform privacy from a risk avoidance function into a business that increases revenue and market share.
Feroot Global Privacy Database allows you to quickly and efficiently manage third-party vendors across applications, both dynamically and automatically. No more chasing down vendors for their latest privacy agreements. No more updating stale spreadsheets. Enter information once, connect to third-party vendors, and everything from consent management to documentation flows appropriately and continually to the key stakeholders. Your organization will save time, resources, and money, and avoid the tedious task of updating data flow charts every time a new vendor is added to your tech stack.
Feroot Privacy platform helps implement PrivacyOps frameworks that will unify, automate and coordinate all aspects of GDPR Subject Access Request compliance obligations. Feroot effectively manages all stakeholder touch-points and supports an organization’s ability to process requests efficiently and to document responses for compliance and legal purposes.
Amazing, thank you Ivan and Ann. Some great information there.
And now, we’d like to specifically address the challenges you shared with us.
Challenge #1: Building awareness across your organization. This was a very common theme and issue for everyone.
Ann, in two mins or less, what do you recommend to help everyone stay on the same page when it comes to privacy, knowing what to share, not share, what the strategy is, the rules etc.?
Challenge #2 - Managing Decentralized Risks.
Ivan, this one is for you. When the data, consent etc is everywhere…across applications and devices, how do you improve visibility into controls and across third-parties?
Okay and last challenge before we take some questions.
Getting buy-in when there are competing priorities.
Ann, Ivan — what do you recommend people say here— how do you convince others or your execs that privacy is a top priority for business?
And it looks like we have time for 1 or 2 quick questions from the audience.
1.
2.
OR
Okay, it looks like we’ve run out of time for more questions, but we will get back to you!
In the meantime, keep 'em coming. Email us at questions@feroot.com
If there is something you really want to know, we have a community of experts we can tap into for the answers and we will get back to you.
Great, thank you everyone. We will follow up with a recording tomorrow as well as some links to resources.
And stay tuned for our next webinar in January 2019 on Best Practices for Transparency Notices, Managing Consent, Data Mapping and more.
Thank you again, have a great day.
Follow us on Twitter, LinkedIn or email us at questions@feroot.com
And if you have some feedback for us, we’re popping in the link to the survey in the chat.