It goes without saying that data privacy is a hot yet complicated topic these days. If there’s one thing that has been brought clearly into focus, it’s that the property of data does not belong to the company that buys it. The ownership of the data belongs to the individual. With companies moving this direction and every major country in the world modernizing their data privacy regulations, all indications are that this trend is here to stay.
As I dive into my role as VP of Customer and Partner Success at Odaseva, here are my first 5 takeaways:
1. The penalties just got real. Fast.
It was almost impossible to miss the recent headline that the Federal Trade Commission announced a $5 billion settlement with Facebook after an extensive investigation by regulators into how the company mishandled personal data and communications with users.
After a relatively slow start in the first year, GDPR-related fines have also hit hard. British Airways was fined a record-breaking $230 million USD while other U.S.-owned companies also felt the pain.
Information Commissioner Elizabeth Denham said: “Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
Clearly, the big penalties are just starting.
2. GDPR was only the start
While GDPR is an EU regulation, its reach is global. It impacts international companies with customers or employees in Europe in addition to those acting as data processors in Europe or for European companies.
It is important to note that while GDPR started the trend, there are many more initiatives regarding data privacy around the world, including Australia - APP, Brazil - LGPD, Canada - PIPEDA, Japan - APPI, and South Korea - PIPA. In the United States, The California Consumer Protection Act goes into effect on January 1, 2020. Main point? Don’t be surprised to see continued expansion. If you haven't started planning for this new normal, the time is now.
Data Protection Laws Around the World
Image credit: DLA Piper. See website for an interactive version.
3. Companies admit they are not prepared
According to CPO Magazine, “McKinsey research shows that few companies feel fully compliant: as many as half, feeling at least somewhat unprepared for GDPR, are using temporary controls and manual processes to ensure compliance until they can implement more permanent solutions.”
Companies in the United States are lagging as well as stated by a recent article in CIODive:
“Almost one-third of U.S. businesses are unconcerned about data compliance, yet 42% of respondents believe if regulators examined their data practices, they would be fined, according to the report.”
“More than half of companies, 56%, say they have not "realized the full potential of data," according to the report. However, the ones that have may not be properly managing it, which has led to regulatory fines or loss of customers.”
If GDPR and data protection laws are feeling a bit overwhelming, there’s no need to feel alone. A great place to start is this blog which will help you understand the eight considerations for GDPR compliance.
4. Privacy By Design is critical
According to Jerry Bowles in Diginomica, “Research has shown that enterprises that take a comprehensive approach in which globally defined risks to both security and privacy are anticipated in advance and countermeasures are built into systems and operations by design are most likely to meet the regulatory requirements in most jurisdictions. Its basic principles are the same as Security by Design.”
Salesforce Certified Technical Architect (CTA) and Odaseva CEO & Founder, Sovan Bin, is a strong advocate for Privacy By Design, saying
“Security by Design is something that has emerged as a best practice over the years as something that should always apply because security is about everyone. It's not just the IT department. It's a mindset where it's always about protecting the business around the three layers of confidentiality, availability, and integrity. Privacy by Design is exactly the same. You should apply this concept at every layer of your processes. It's not something that should only concern IT and lawyers. Everyone in the company should be aware of it.”
For a real-life use case, learn from this Dreamforce presentation how Schneider Electric approached and even accelerated GDPR compliance by automating critical requirements.
5. Data privacy isn’t just about compliance. For companies proactively protecting data, it’s a competitive advantage
While data privacy compliance might be hard work, the alternative can be costly not just in terms of financial penalties. Loss of customer trust can be difficult, if not impossible, to repair.
The smartest companies, however, aren’t just reacting to compliance regulations. Instead, they’re tackling the challenge proactively.
According to Nick Ismail in his article from Information Age, “Data privacy isn’t just about compliance - it’s turning into a marketing and operational advantage for many businesses.”
He goes on to say, “By clearly handling that data lawfully and securely, companies can make privacy a unique selling point.”
Need Help with Data Privacy?
For large organizations that leverage Salesforce as a mission-critical application, Odaseva delivers enterprise-class data governance, providing data protection (backup and recovery, archiving, governor limits monitoring), data compliance for such as GDPR and data operations (Salesforce DX data extensions). Check out Odaseva on AppExchange today.
Debra is VP of Customer & Partner Success at Odaseva where she is passionate about helping companies govern their Salesforce data. She has over 25+ years enterprise experience working at Salesforce, Hewlett-Packard, and Oracle.
- AppExchange is Coming to Dreamforce, And We’re Mixing It Up AppExchange is Coming to Dreamforce, And We’re Mixing It Up By Amanda Nelson Type Article Here’s how you can find your perfect mix of solutions, and how to mix it up with Appy at Dreamforce.
- Meet the AppExchange Street Team at DF19 Meet the AppExchange Street Team at DF19 By Holly Rushton Type Article See who will be helping bring the excitement of AppExchange to attendees at DF19, plus how you keep engaged online.
- Drive Marketing and Sales Alignment in 4 Steps Drive Marketing and Sales Alignment in 4 Steps Type Article Organizations must be prepared to deliver a personalized, targeted, and seamless experience at every stage of the customer journey. To do that, marketing and sales have to come together as one team, aligning on clearly defined goals, strategies, and more.
- TaskRay: Force Marketing Customer Spotlight TaskRay: Force Marketing Customer Spotlight Type Article Using a non-Salesforce native, homegrown workflow management system meant disparate systems and data duplication. Force Marketing sought real-time project transparency to make informed decisions.
- 5 Ways to Stop Leaking Revenue 5 Ways to Stop Leaking Revenue Type Article Signifyd discusses five steps to analyze and staunch revenue leakage.