How do I select a data privacy management solution for my business?
As companies collect more personal data, concerns around its privacy are growing too. People are becoming aware of the value their data holds and how it can be used for different purposes, and the way it is managed can greatly impact companies’ reputation.
To select a suitable data privacy management solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Andrew Clearwater, Chief Trust Officer, OneTrust
With a growing number of solutions available, you first need to understand what you want to achieve. Understand which regulations to comply with, how privacy is structured within your organization, and what broader goal is your program tied to. For many organizations that end goal is to be more trusted. The right, integrated solution, such as OneTrust’s technology platform, can help you achieve a solid foundation for trust.
Find an intelligent solution: A privacy management solution should make your life easier. Look for a solution that will leverage technologies like AI and machine learning, streamline processes with automation, help implement governance policies, and learn from your organization’s usage. Ideally, your solution will also help keep your finger on the pulse, with AI powered research taking a share of the heavy lifting to help keep your program up to date.
Make it repeatable and scalable: The privacy landscape continues to develop, so privacy management solutions need to solve today’s challenges and keep your program running smoothly, but also need to be able to adapt as your needs and use cases develop.
Embrace the community: Use cases come in many forms, and by sharing experiences you can draw on the lessons of others. A solution that has a strong user community will be an invaluable resource to successfully implement and grow.
David Corrigan, GM Data Governance, Quality and Privacy, Informatica
Modern data governance and privacy isn’t just about documentation and compliance, done well it empowers teams with consistent, trusted data and delivers measurable value for the entire organization.
When selecting a data privacy product CISOs should consider the entire pipeline of data processing. Focusing only on a single point opens up gaps and increases risk. Not to mention the extra administrative work involved in managing multiple point solutions.
Always begin with inventory. Are you clear on what data you have? Is it sensitive? Or perhaps it’s only sensitive in certain contexts or when grouped with other data. It’s important to be able to ingest data at scale, find and understand it if you are going to be able to protect and govern it. It’s essential that you can automate the discovery and classification of data, or you simply won’t even cover 5% of your data!
Next, consider whether the solution you’re evaluating gives you robust classification capabilities. Strong privacy and governance requires risk profiles and policies and the ability to monitor, and report on, the usage of data against these. Does it go beyond data and enable you to govern and protect AI and machine learning models too?
Dimitri Sirota, CEO, BigID
To some degree this depends on a number of factors – the size of the company, global presence, and ultimately the priorities of the company.
If you’re a small business, you will want to have a cloud native privacy offering that can address multiple use cases – including cookies, consent and privacy preference management, data rights and deletion, and privacy impact analysis. A number of providers offer these privacy on demand offerings, while some offer point solutions. It’s critical to select a solution that will provide automation and accuracy for sustainable privacy compliance – especially for companies that don’t have a dedicated privacy office or limited resources to dedicate to privacy compliance.
For larger companies where privacy is seen as an adjunct to data security, you will want a security oriented and risk-aware privacy offering that can simultaneously address needs like retention, access management, remediation and data minimization. These capabilities not only reduce the attack surface and help mitigate risk of ransomware and data breaches, but complement more traditional privacy GRC functions like PIA, RoPA, Preference Management and Data Rights Management – while scaling up to meet industry regulations and frameworks like NIST.