With every new data privacy law, it seems that companies buy privacy management software like January gym memberships. (2024 is a big year in enacted laws for data privacy and AI...and it's only May).
The team has good intentions. Just like those of us who make a New Year’s resolution to get fitter.
By February, the gyms are half empty.
Companies who react to the latest law going into effect… “Quick, buy a solution. Let's do a compliance check. We have to show we are doing SOMETHING.”
But the timing is all wrong. And sadly, sometimes these same companies don’t build an effective privacy program. Or they think, “It’s our [insert here] department’s job;” or, “This doesn’t apply to us; we’re too small,” etc.
Instead of worrying about or reacting to a newly enacted law, get moving today on building (or updating) your personal data inventory. Start with who you serve and what you do for them.
Better to start modestly by understanding what personal data you collect, what it is for, and how you will protect it.
And, if you are confident that your personal data inventory is up to date, then you can update your service providers, your data protection measures and see if you are in alignment with your data retention policy.