For business owners, it is crucial to consider your processes and to schedule annual compliance check-ups.
What do business owners need to know about data privacy?
There are foundational elements that every business that collects data needs to know. I’ve summarized some key points to consider:
- Secure informed consent before any collection or use of personal information, and re-seek consent if data is later reused for a purpose other than the one for which consent was initially provided. If your company pivots, your policies must also pivot.
- Maintain robust security practices that protect all data against risks such as loss or unauthorized access, destruction, use, modification, or disclosure.
- Regularly review (at least annually) the industry standard and go a step beyond that standard.
- Pursue a privacy-by-design approach, which protects privacy by embedding the protection into your infrastructure’s technical specifications. This approach provides consumer opt-outs and limits information collection to what is necessary.
- When possible, give customers a simple option, free of legal jargon, for how their data is handled, along with easily accessible consent options.
- Enable transparency on the company’s privacy and security practices. If you do it, you disclose it. This includes providing clear disclosure obligations.
- Support all claims with objectively verifiable evidence. If we say it, we can provide proof of it (including the policy itself).
- If you collect any personal data on anyone in the European Union, you must comply with the GDPR: https://gdpr.eu/compliance-checklist-us-companies/
What to do next?
An actionable plan with the items above addressed can protect your company, customers, shareholders, and employees.
Feel free to reach out to our office to schedule a time to discuss your data privacy questions.