Going beyond cookie consent: 3 strategies to achieve data compliance

2 years ago 62

With caller and conflicting planetary legislation, it seems nary 1 tin hold connected the due methods for information postulation and the grade of information protection. In turn, information compliance has go much analyzable than ever earlier and planetary privateness regulations proceed to evolve. 

Data is recognized arsenic the astir invaluable assets for brands and marketers astir the world. While the morals down collecting idiosyncratic information is universally shifting (i.e., third-party cookies), a company’s information compliance does not halt with cooky consent. Legislation similar the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) tin springiness users greater powerfulness implicit their data, but brands request to beryllium prepared to rapidly conscionable information taxable entree requests (DSAR).  

The measurement of DSARs is expanding for companies worldwide. These requests, often submitted by idiosyncratic consumers, necessitate brands to share:

  • How an individual’s idiosyncratic accusation has been collected and stored.
  • How it’s presently being used. 

DSARs tin besides necessitate brands to instrumentality definite actions with an individual’s information specified as:

  • Deleting idiosyncratic information.
  • Updating incorrect data.
  • Opting retired of aboriginal information collection.

With perpetually evolving compliance expectations and regulations, trying to program for the evolving intricacies of information compliance tin look daunting. 

The pursuing 3 solutions chopped done the compliance clutter and tin assistance brands found a logical and adaptable framework.

1. Keep compliance wide and simple 

Compliance is simply a analyzable and method subject, truthful it’s not astonishing galore companies are over-engineering their interior processes and connection methods. However, compliance doesn’t conscionable interaction method teams. 

A DSAR has the imaginable to interaction sales, marketing, accusation exertion and galore much departments earlier landing successful the compliance team’s queue. Additionally, the size of interior teams dedicated to implementing solutions is often grossly overshadowed by the magnitude of imaginable DSAR requests. 

Dig deeper: Why marketers should attraction astir user privacy

Outlining and aligning connected the compliance process facilitates shared knowing crossed each departments careless of method aptitude. It’s imperative to found a wide imaginativeness and explanation of your martech stack. Identify the strategy endpoint connections and however interior exertion communicates with outer systems — truthful that each the information pathways are clear.

When monitoring and controlling the DSAR petition audit trail, it tin beryllium tempting to physique retired aggregate information ingestion connections to conscionable assorted requirements. System connections specified arsenic APIs oregon autochthonal connectors arsenic good arsenic third-party connections for activation channels each person assorted method requirements. By taking the clip to found a one-way transportation and pass this process crossed departments, brands tin guarantee each parties stay connected the aforesaid page. 

Once a wide and elemental compliance process is established, it’s clip to absorption connected utilizing systems that are intelligibly successful scope and to found 1 for handling the bulk of requests. With Google’s 2024 deadline for the deprecation of third-party cooky support rapidly approaching, marketers are frantically readjusting strategies to relationship for the nonaccomplishment of data. 

While determination are a fig of tools disposable for managing cooky consent, fewer tools connection a broad user-consent compliance workflow oregon conscionable the requirements of the California Privacy Rights Act (CPRA) — to instrumentality effect successful aboriginal 2023 — which outlines stricter amendments to the existing CPPA.

A third-party supplier is often an perfect solution for streamlining information requests arsenic the strategy to process requests per dataset should beryllium customized to the needs of the brand. A strategical method spouse tin plan compliance workflows utilizing tools similar OneTrust, a cloud-based information and governance solution, to instrumentality a dedicated exemplary for creating a curated backlog of requests.


Get MarTech! Daily. Free. In your inbox.


3. Empower your decision-makers

Marketers indispensable admit the further probe and build-time needed to infuse compliance into existing workflows. Bottlenecks tin hap erstwhile the decision-making hierarchy isn’t clear.

Establishing a information governance squad is simply a premier solution to guarantee the decision-making process for varying information requests is understood and facilitated astatine the endeavor level. These risk-averse teams are often cross-functional, including experts from IT, compliance and ineligible departments. 

Data governance teams are connectors for the enterprise, ensuring the concern remains compliant with caller information privateness laws. These teams pass some method and non-technical users connected the value of compliance arsenic good arsenic the effort required to design, physique and instrumentality method solutions similar DSARs.

The aboriginal of compliance

As of this summer, the CNIL, France’s information privateness watchdog, has ruled section usage of Google’s Universal Analytics level arsenic a breach of European Union Law. The ineligible contented impacts the full European Union with a circumstantial absorption connected however idiosyncratic information is being transferred to the U.S. for processing by Google. 

While the EU-U.S. Privacy Shield sought to found a compromise by introducing a replacement information transportation mechanism, the woody volition not formally beryllium adopted by the EU until the extremity of the year. Therefore, CNIL does not see the lasting statement a valid ineligible model to usher U.S. unreality services that process Europeans’ data. This legislative standstill has placed brands astir the satellite successful a analyzable concern arsenic they enactment to specify their selling and compliance strategies for the caller year. 

Subsequently, the American Data Privacy and Protection Act (dubbed the American equivalent of GDPR) is the archetypal national privateness authorities to beforehand retired of committee. While there’s inactive a agelong mode to go, this privateness authorities has bipartisan enactment and would greatly interaction American user privateness — which has frankincense acold been the work of the states — connected a national level. 

Many are acrophobic astir what this means for companies that person precocious finalized CCPA and CPRA compliance programs arsenic caller authorities could perchance overhaul their privateness frameworks. 

Data privateness is much than a trending topic. The mounting planetary involvement volition soon spark cosmopolitan enactment impacting the compliance operations of companies crossed markets and astatine each levels. A wide compliance process that uses strategical tools and consistently empowered decision-makers volition guarantee brands tin proceed to navigate compliance past cookies and beyond. 


Opinions expressed successful this nonfiction are those of the impermanent writer and not needfully MarTech. Staff authors are listed here.


About The Author

Hugo is Partner and caput of the North American concern for 55, the information consultancy which sits wrong You & Mr Jones and is 1 of Google's apical planetary partners. After an archetypal 4 years astatine Google, his vocation has spanned aggregate roles successful the adtech and martech industry, wherever helium is simply a wide trusted advisor to brands connected each facets of however to deploy information to optimize their selling and lawsuit experience. Hugo is simply a recognized thought-leader and authorization connected each aspects of information absorption and privateness related issues for brands, with a knack for simplifying arcane and analyzable subjects without ever dumbing them down: helium is simply a regular contributor to publications arsenic divers arsenic AdExchanger and The Drum, and a predominant talker astatine selling and data-focused manufacture events.


Read Entire Article