Is Your Company Caught in a Privacy and Security Compliance Web?
This year California announced yet another delay in the enforcement of its California Privacy Rights Act (CPRA). Many privacy and compliance officers were justifiably relieved to have more time to address concerns like targeted advertising, opt-out preference signals, and third-party contracts. Most already found themselves knee-deep in privacy and security issues related to compliance with the General Data Protection Regulation (GDPR) protecting European citizens, the Personal Information Protection Law (PIPL) protecting Chinese residents, and regulations protecting state residents in the US.
And, although the US is lagging behind, there is speculation about the US enacting its own set of federal personal data regulations.
Are you feeling trapped by a dizzying array of requirements? Are you wondering what to do or where to start?
The demands of understanding these regulations can be overwhelming, especially for smaller companies.
Here are a few simple steps you can take to start:
- Familiarize yourself with GDPR. The regulations that the EU put in place have become the foundation of most of the regulatory requirements that have followed. If you understand the basic principles of GDPR you will go a long way to understanding what is expected of your company.
- Talk to your network. Ask your peers how they handle regulatory compliance. Follow compliance experts on LinkedIn. At networking events ask peers how they are handling it. Talk to your legal counsel.
- Do your research. There are many helpful blogs and articles on LinkedIn. You can begin to understand the basics just by reading a few blogs and articles by experts. You can find general information and specifics that relate to your industry in varied fields like finance, healthcare, and manufacturing.
- Adopt the most rigorous standard. As you begin to implement policies and procedures, always compare the requirements of the different regulatory bodies. For example, GDPR grants individuals the right to access their personal data, while the Colorado regulations do not. In this case you should use the GDPR standard even if your company operates in Colorado. For a comparison of various regulatory requirements, see: https://www.dataguidance.com/comparisons/comparing-privacy-laws
Because Cadence Communications & Research works in the highly regulated healthcare industry, most of our staff is conscious of the many restrictions imposed by these regulations. We have found that one of the best ways to safeguard data is to remind employees to treat everyone’s personal data as they would want their own data to be treated. The best method of protecting data is ultimately the golden rule.
Next month, we’ll cover the basic components of GDPR.
About the Author:
Stephanie Miller is the Director of Business Operations & Compliance at Cadence Communications and Research. Prior to working at Cadence, she worked at Amgen, Toyota, Warner Brothers, and Disney. She is a Six Sigma Green Belt, and has a certificate in Toyota Production Management. She graduated from UC Davis and did additional studies at the University of Edinburgh, Scotland.
About Cadence Communications & Research:
Cadence Communications & Research is a boutique professional services firm serving the global healthcare industry. Founded in 2008, Cadence offers services in two key interrelated areas: medical communications and market research. Cadence is a certified woman-owned business and has been named to the Inc. 500/5000 list of the fastest-growing private companies in America three times. Cadence is a member of the Diversity Alliance for Science. For more information, please visit: www.cadencecr.com.