
2019 | The New Privacy Landscape | Identiverse | Day 2, June 26


What can we learn a year out from GDPR about how to manage privacy legislation? What does new privacy regulation like CCPA or LGPD mean for the privacy landscape in general? How can we future-proof our privacy practices to move beyond prepping for the next set of rules?


  1. The New Privacy Landscape Or: How I Learned To Stop Worrying And Love Privacy Regulations
  3. x8,293,842
  7. 280,000 cases reported to Supervisory Authorities
  8. 89,000 were breaches
  9. 144,000 were complaints
  10. 90+ fines totaling €56M
  11. €50M €6M
  14. “... I sense that there is only a limited time for organizations to put their houses in order before the commissioner does revert to the enhanced penalty regime...” Giles Watkins, IAPP Country Leader, UK
  15. Privacy Regulation
  17. California
  18. Comparison of GDPR and CCPA:

      | Right / obligation | GDPR | CCPA |
      | --- | --- | --- |
      | Understand personal data being held | Yes | Yes (prior 12 months) |
      | Download/port personal data | Yes | Yes |
      | Delete data | Yes | Yes |
      | Processing | Yes (Opt-In) | In context of sold data |
      | Data rectification | Yes | Not Stated |
      | Transparency/auditability of operations | Yes | Yes (prior 12 months) |
      | Data privacy notice, policies, procedures | Yes | Yes |
      | Sale of personal info to 3rd parties | Implicit | Yes |
      | Protection from discrimination | Implicit | Yes |
  19. Comparison of GDPR, CCPA and LGPD:

      | Right / obligation | GDPR | CCPA | LGPD |
      | --- | --- | --- | --- |
      | Understand personal data being held | Yes | Yes (prior 12 months) | Yes |
      | Download/port personal data | Yes | Yes | Yes |
      | Delete data | Yes | Yes | Yes |
      | Processing | Yes (Opt-In) | In context of sold data | Yes (Opt-In) |
      | Data rectification | Yes | None | Yes |
      | Transparency/auditability of operations | Yes | Yes (prior 12 months) | Yes |
      | Data privacy notice, policies, procedures | Yes | Yes | Yes |
      | Sale of personal info to 3rd parties | Implicit | Yes | Implicit |
      | Protection from discrimination | Implicit | Yes | Implicit |
  20. GDPR, CCPA, LGPD
  21. GDPR, CCPA, LGPD, Vietnam, Nigeria, Bahrain, India, NJ, IL, WA, Chile, ME
  22. (1) Find your customer data
  23. (1) Find your customer data; (2) Make it easy (ish) to manage
  24. (1) Find your customer data; (2) Make it easy (ish) to manage; (3) Give control to your customers
  25. Find your customer data
  26. Find your customer data:

      | Find your customer data | Details |
      | --- | --- |
      | Catalog Data | What data do you have? Where is it stored? Why do you have it/how is it used? |
      | Understand Data Access | Who can access your data? To which third parties do you share/sell data and what data do you share/sell? |
      | Assess Risk | What is the sensitivity of each piece of data? |
  27. Make customer data easy(ish) to manage
  28. Make it easy to manage:

      | Make it easy to manage | Details |
      | --- | --- |
      | Minimize Data | Determine what data is needed and what isn’t - delete data you don’t need, anonymize data you don’t need to tie back to an individual |
      | Data Retention | Based on your catalog decide how long you need each piece of data and implement process around retention and disposal of data |
      | Data subject processes | Make it as easy as possible to respond to requests like: portability, vendor sharing/selling, deletion, processing by having APIs or processes in place with each data owner |
      | Review/Enhance Security | Protect data from unauthorized access, use classification to drive access |
  29. Give control to your customers
  30. Give control to your customers:

      | Give control to your customers | Details |
      | --- | --- |
      | Transparency | Show your customers how you’re using their data and with whom it’s shared/sold. Give them the ability to revoke those purposes or third party access |
      | Data Access Rights | Give your customers the ability to exercise data rights like portability, restriction of processing, right to be forgotten. The more automated, the better. |
      | Consent and Preferences | Give your customers the ability to opt into or out of data uses (as much as is possible) and establish their own preferences for communication and data use. |
  31. (1) Find your customer data; (2) Make it easy (ish) to manage; (3) Give control to your customers
  32. Keep regulators happy
  33. Keep regulators happy; Keep customers happy
  34. Keep regulators happy; Keep customers happy; Keep Californians happy
  35. Thank you! mhay@salesforce.com
