When was the last time you checked on your basics for data privacy and data management?
Here’s what I mean….
Creating and maintaining a current detailed personal data inventory is THE foundation.
Yet, I find that many companies I work with either don’t have one or have something that is out of date and incomplete. This includes smaller – under $50M as well as over $1B annual revenues – companies across industries. This holds true whether people have built their data maps manually or used some [or a lot of] automation.
Personal data inventories, while arguably not exciting, are nevertheless critical to business operations and trust-building.
With them, you can:
- Create and update your privacy notices
- Perform vendor due diligence, risk management and create contracts and data processing agreements
- Complete data subject access requests (without going out of your mind)
- Assess privacy risk for your organization
- Secure your personal and sensitive personal data, collaborating with your information security and IT teams
- Analyze data events that occur (and they will!) and respond quickly and appropriately respond to a personal data breach
- Create meaningful data privacy learning for your employees, contractors and customers
- Stand out in terms of trustworthiness to customers by thoughtfully embedding your personal data collection and use into customer communications and service
- Get rid of data you don’t need
- And of course, comply with data privacy and protection laws and regulations.
Make creating and revisiting your personal data inventory (data mapping) efforts highly focused and pay off now and in the long run.
Considering that:
90% of internet users agree that online privacy is important (Surfshark)
80% of companies store sensitive data in the cloud (Netwirx)
76% of individuals said it’s too hard for them to understand how their information is being used. (CISCO)
Doesn’t it make sense to make sure you’ve got your inventory buttoned up and use every opportunity to create value for your customers with it?
It is so easy to become captivated by the latest “automated” process or shiny system – a short cut that requires little to no effort…don’t fall for this in your data privacy program. There are no short cuts. For some organizations, automated data discovery makes a lot of sense; for others, less so. For more thoughts on the cost of automation, see my post, “Two things [still] drive what organizations focus on in building their data privacy programs:
Before you’re tempted to groan or roll your eyeballs because there it ‘roll up your sleeves’ work involved…
Ironically, once you spend the upfront time (typically a few days to weeks) building your personal data inventory, it’s no a heavy lift to maintain it. What it takes is a regular systematic review and update. And then, you can take better advantage of data discovery and classification tools.
Benchmark companies invest in the “wax on wax off” of data privacy and management.
They tend to their personal data inventory regularly. So, go on, schedule a review for this month and revisit every few months or when something changes, e.g., you buy a new tech platform, create a new product or service, a US State enacts a new or updated Privacy or Security law, etc.
I would love to hear your experience. Schedule time with me if you’d like to talk about sane(r) approaches to building and maintaining your personal data inventory that don’t break the bank.