Investing In The Right Privacy Technology For Your Organisation

Published on May 28, 2021

In our last article, we discussed creating a privacy framework that provides the basic structure and offers guidance about how to integrate any compliance requirements applicable to your organisation. A robust privacy framework will ensure you have the right compliance policies and procedures in place whilst providing flexibility to adapt processes to align with organisational needs and requirements.

How Does Technology Support A Privacy Framework & Compliance?

Investing in the best privacy technology for your organisation will make a significant difference to the effectiveness of your privacy framework. One challenging compliance requirement that privacy technology can help manage effectively, which even large public bodies are known to have difficulty dealing with, are Subject Access Requests (SAR’s).

In December 2020, it was reported that the Metropolitan Police had a backlog of 662 subject access requests, 280 of which were overdue, over a year on from being issued an official enforcement notice by the ICO for its “sustained failures” in dealing with people seeking to discover what personal information the police holds on them.

To effectively deal with a data request within the strict time limits, you have to be able to find the information. For commercial organisations, personal information is often used for several functions, including marketing, business intelligence, and product development, to name just a few.

Safi Raza, director of cyber-security at Fusion Risk Management told Compliance Week that privacy software:

“…can help to answer one of the most challenging questions: Where is the data?”

In addition to managing SARs, privacy technology can be used for a range of purposes to automate different functions of a privacy program. These include data mapping, data discovery, consent management, incident response, and website scanning (cookie notices).

How Do I Choose The Right Privacy Technology For My Organisation?

To establish what type and the scope of privacy technology your organisation needs, answer the following questions: What type of personal information does my organisation collect, what is it used for, and where is it stored?

  • How is the information collected?
  • Where and when is it collected, processed, and disposed of?
  • Have we completed or updated a data map?
  • How many SARs do we receive on average each year?
  • Do we transfer personal data to the EU or other third countries?
  • Who else accesses the data we collect (i.e., a processor)?
  • Are our current privacy policies and procedures compliant with relevant regulations and if not, why not?

Once these questions have been answered (and this may be done by a Data Protection Officer (DPO)) you can start considering what type of privacy technology will address any weaknesses in your current systems and help build your privacy framework.

What Types Of Privacy Technology Are Available?

Privacy technologies are split into three categories:

Program & Workflow Management Tools

These provide a framework for workflow management and readiness assessments that allow you to establish the current status of where, when, what, why, and how personal data is held within your organisation. From there, policies, procedures, and workflows can be created and communicated to employees and other relevant stakeholders (such as any processors) to achieve compliance.

Data Discovery Systems

Using machine learning, data discovery systems allow you to swiftly identify the location of personal data held by your organisation and who has access to it. However, as with all AI and machine learning, the process is not foolproof. Manual checks need to be conducted to ensure all relevant data relating to a compliance matter is captured.

Compliance Management

Compliance requirements such as responding to a SAR take time. Multiply this by the amount of SARs received annually, and the total resource requirements can amount to a significant cost. For multinational corporations, the volume of data involved can run into millions of documents. In such cases, compliance management tools are essential for meeting SAR obligations.

Choosing The Right Privacy Technology

The privacy technology space has grown increasingly competitive over the past five years, with the number of vendors growing from 44 to 356 according to the latest IAPP Privacy Tech Vendor Report. Given the cost of investing in such technology, you must take the time to establish what tools your organisation requires to support your privacy framework and create a strong privacy culture.

To find out more about data protection and privacy law training, please email us at contact@freevacy.com or call 0370 04 27701.

Click your chosen course below to see our next available courses dates

COVID-19: FLEXIBLE, LIVE ONLINE BCS & IAPP TRAINING NOW AVAILABLE - PLEASE CONTACT FOR DETAILS