The COVID-19 crisis has accelerated the pace of digital transformation, making digital interaction central to almost every process and forcing organizations to adapt quickly. Where digital strategies were once mapped in one- to three-year phases, businesses are now scaling their initiatives in a matter of days, weeks, and months.
The rush to adapt to this new digital-first COVID-19 reality of remote work, increased digital experiences and automation has implications for data privacy. As more processes shift to digital, more data is generated and shared and must be protected – including customers’ personal data. Whether we consider unprecedented global measures to track and trace the spread of coronavirus through technology or organizations increasingly relying on digital interactions to support a newly remote workforce, the use (or potential misuse) of personal data is in the spotlight.
When coupled with growing consumer expectations around data privacy, and the increasingly stringent regulatory environment governing how personal data needs to be managed, organizations must ensure that their data privacy systems can scale appropriately for a digital-first era. Penalties for non-compliance with data privacy laws, such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), can be huge. For the more serious infringements that go against the principles of the right to privacy and the right to be forgotten under GDPR, companies face a potential fine of up to €20 million, or 4% of its worldwide annual revenue, whichever is greater. The three largest fines handed out by authorities to date amount to a combined total of more €370 million including a single fine of €204,6 million imposed on one company in 2019. Beyond the immediate damage inflicted by potentially colossal financial penalties, there are the longer-term costs of lost brand loyalty and trust.
Getting to grips with data privacy
OpenText recently commissioned research amongst consumers across the globe* that revealed almost three-quarters (73%) are either very aware or at least somewhat aware of the laws that protect their personal data, but 40% don’t trust third-party organizations with keeping their personal information safe or private. In fact, almost one third (30%) would proactively get in touch with an organization to see how it is using their personal data or to check if it is storing their personal data in a compliant manner. More than one in ten (14%) have already done so at least once.
In addition to widespread consumer concerns, the research revealed the extent of public appetite for companies to champion data privacy. Globally, 41% would pay more to do business with an organization committed to protecting their personal data.
Although the world is experiencing rapid change, the need to protect personal data remains mission-critical across all industry sectors. Businesses must be able to demonstrate a clear commitment to the highest standards for data privacy – achieving compliance with stringent regulation, ensuring continued brand loyalty, and safeguarding customer trust. Here are five ways for organizations to manage compliance in today’s digital-first world.
Build a privacy-first culture
As the amount and complexity of information grows, so do the risks and impact across all areas of an organization. By building a privacy-first culture, organizations can ensure digital transformations abide by the applicable regulatory environments worldwide. As part of this effort, organizations should consider establishing cross-functional teams to lead information governance efforts and build a framework and approach for ongoing data privacy compliance.
Centralizing and automating privacy processes within an organization by utilizing OpenText™ Privacy Management can help to drive compliance with data privacy and protection principles, such as accountability, data minimization, and lawful processing. OpenText Privacy Management is flexible and adaptable to support changing data environments and can be easily customized to match an organization’s level of maturity. Pre-built configurations shorten deployment cycles and accelerate time to value.
Achieve end-to-end content management
Technological innovation and increasing volumes of information are pushing the limits of privacy well beyond current regulatory standards and legal requirements. As companies have shifted to remote work and embraced new video collaboration tools, the concept of where and how work happens has rapidly changed. Digital white-boarding, conference call chat streams, and other ad-hoc collaboration venues increase the risk of data sprawl.
Given these challenges, strong information management is the first step to achieving data privacy compliance. Businesses must remove siloes to get one comprehensive view of all their information – both structured and unstructured data – and understand how personal information is managed. With enterprise content management (ECM) software like OpenText Content Services, companies can manage the flow of information from capture through archiving and disposition – ensuring agile information governance to reduce risk and address an increasingly complex regulatory landscape.
Leverage analytics and AI
Unfortunately, manual classification and filing processes are subjective and error-prone, leaving companies unable to track and manage their information effectively. Yet categorizing and organizing documents and files contextually is vital for regulatory audits, content migration, risk assessment, discovery, and due diligence. Organizations need the ability to detect sensitive data, such as personally identifiable information (PII), across both structured and unstructured data to avoid regulatory fines. OpenText™ Magellan™ provides an artificial intelligence data analytics platform to identify, classify and analyze personal data at scale in order to ensure compliance with privacy regulations as well as providing data-driven insights that can optimize governance and mitigate risk.
Streamline assessment of discovered data
Under most data privacy regulations, individuals are provided with the right to know what data an organization is collecting about them, why the organization is in possession of that data, and to whom their information is disclosed. Perhaps the most critical focus area is the ability to respond to rights requests. Some organizations struggle with responding to data subject or consumer access requests – free of charge to consumers and obliging organizations to respond within 30 days under GDPR – as they are burdened by searching numerous data sources, assembling results by hand, performing manual redactions and compiling the content to deliver back to data subjects. Deploying technology like OpenText™ Axcelerate™ provides companies with an efficient, automated, and flexible solution that can meet time-sensitive demands, and reassure customers that data privacy compliance is a priority.
Prioritize cyber resilience
Data stored on desktops, laptops, and tablets is vulnerable to ransomware, human error, hardware failures, loss, and theft – risks that have been amplified by the mass shift to remote work and the lack of oversight IT admin have on their dispersed employees. That’s why creating a culture of cyber resilience is more important than ever. Cyber resilience is the ability to continuously deliver the intended operational outcomes, despite adverse cyber events. It requires total network, endpoint, and user protection, as well as data recovery for customers of all sizes as part of a robust ‘defense-in-depth’ strategy.
Critical components of a cyber resilience suite include:
- Training to help strengthen the first line of defense, employees
- Blocking threats before they can infiltrate your network with DNS Protection
- Protecting endpoints from the latest threats to ensure users stay productive and your data stays secure with next-gen antivirus
- Backing up data automatically for times when breaches or other events occur, especially for data within software programs like the Microsoft 365 suite
- Migrating physical, virtual and cloud workloads to and from any environment with minimal risk and near-zero downtime
- Recovering with minimal downtime and without significant data losses allows business to continue as usual.
Championing data privacy in a digital-first world
The COVID-19 crisis has accelerated digital transformation and made digital – and effective data management and protection – central to almost every business interaction. By investing in comprehensive privacy management capabilities underpinned by information governance and automation, organizations can satisfy regulatory requirements, avoid non-compliance penalties, and most importantly, maintain customer trust. Championing data privacy will be crucial in retaining customer trust in a post-COVID era.
Interested in learning more about building a data privacy-compliant organization that can adapt quickly to today’s digital-first world? You can find more details in the blog post here.
To find out more about data privacy compliance, you can also visit our website or try our on-demand webinars, including Sensitive data: Find it, manage it and reduce risk.
Methodology
*This research was conducted through Google Surveys from April-May 2020. Commissioned by OpenText, 12,000 people were anonymously surveyed from the following seven markets: Canada (2000 respondents), UK (2000 respondents), France (2000 respondents), Germany (2000 respondents), Spain (2000 respondents), Australia (1000 respondents) and Singapore (1000 respondents).
Detailed findings by geography
Specific research findings can be found here.