Posted by Sonata Ožemblauskaitė, Group Security and Compliance Manager
The data privacy landscape is constantly evolving, and it is difficult for many of us to keep pace with all these upcoming (and already passed) laws and policies around the world – for example, the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). Typically, compliance with such data protection laws is delegated to IT and legal departments within businesses to ensure that they adhere to at least the minimum legal requirements imposed by these laws to avoid legal repercussions and fines. That might seem a reasonable approach as data privacy is often seen as a legal matter and the risks of privacy are frequently associated with evolving technology.
However, I think data privacy has more to offer than being viewed as something you are obligated to do by the law. The greatest risk of data privacy has little to do with technology. 88% of data breaches are caused due to human error, meaning that data privacy is often compromised due to employee error more than any other reason. Thus, data privacy is not a “thing” that should be thrown to one of your business departments but rather, it should be part of every employees’ job. Everyone in your business, from directors to individual workers who process your customer information, needs to understand your business’s position on privacy and be educated on your data privacy practices, especially as these data protection laws are constantly evolving. If all of your employees are not onboard, your privacy program simply won’t work.
Questionmark data protection ready-made assessments
Your employees are the ones who are processing customers’ data regularly – accessing it, using it, sharing it, and storing it. If they do not understand their role as the custodian of that data or lack commitment to your data privacy practices, your business may be at risk in multiple ways – including potential data breaches, inquiries by national regulations, or worst of all, frustrated customers. Of course, it is good to be clear on accountability, but understanding why your employees do not understand and what the gaps in their knowledge are will help protect your business even more, for example, to ensure that your data privacy training is covering the right subject areas.
Questionmark has launched data protection ready-made assessments that cover GDPR and CCPA regulations. The assessments can help you to adapt your workforce knowledge to these data protection laws by analyzing your employees’ knowledge gaps, thus allowing you to make informed decisions on further training or support. By testing the current knowledge and identifying weaknesses, you will be able to improve the data practices across your business and minimize human error, saving you time and money.
These assessments can also help to increase awareness among your employees. Employees are presented with questions based on realistic professional situations which would not only test their theoretical understanding but also functional skills. For example, please see one of our CCPA for Business Professionals sample questions:
Why should you invest in data privacy?
Interestingly, the Cisco report found that nearly two-thirds of businesses worldwide have experienced significant sales delays due to customer privacy concerns. However, privacy matured companies had only 3.4 weeks delays compared to the average 16.8 weeks delays seen by less privacy matured companies. That means that customers are more comfortable in doing business, buying products or services from businesses that are at least perceived as “trustworthy”. Indeed 69% of people think the importance of privacy and security practices preserves trust in the companies. To maintain that trust, you need to ensure that your employees follow the best data privacy practices while handling your customers’ data. To add, the damage the negative message could do in the marketplace is extensive, for example, it could ruin your business reputation, investor confidence and external relationships.
Your ability to demonstrate that you truly care about the privacy of your customers’, partners’, and stakeholders’ data combined with your ability to protect that data could distinguish your business from your competitors and bring you new business opportunities. The only question is whether your business will take advantage of privacy as a differentiator.
Sonata Ožemblauskaitė is the Group Security and Compliance Manager and Product Manager at Questionmark. She is CIPP/E certified and a member of the International Association for Privacy Professionals. Sonata has 4+ years’ experience in working in legal and security matters and has a LLM in International Law and BA in Internal Law and Internal Politics. She is part of the team that created the Cybersecurity for Home-based Works assessment along with other Questionmark ready-made assessments.