Data Privacy Management

Harnessing the potential of customer and consumer data has recently been placed on the agenda of the majority of companies that use digital channels in their business, and not without reason. Well-organized collection, analysis and enrichment of personal, behavioral and mobile data about customers creates customer intelligence that can be used to personalize the customer experience, improve sales and marketing performance and derive new revenue streams.

The technological evolution of big data and analytics capabilities has made it possible to collect, store and analyze massive amounts of data in real time at relatively low cost. While big data drives massive business benefits and enables new business models, privacy challenges arise because so much personal data can be collected and analyzed, revealing more than most individuals expect.

Protecting your customer data is your responsibility. Brand trust is directly linked to how customers and their data are managed. Data must be managed and protected carefully and according to the legislation and the data privacy standards in different countries and industries.

Personal data and privacy

Privacy means the appropriate use of personal information under the circumstances, and an individual’s right to control the collection, use and disclosure of personal information. Appropriateness depends on context, law and the individual’s expectations.

Personal data can be interpreted as any information relating to an identified or identifiable natural person. Even anonymized data (encrypted, or with personally identifiable data removed) is personal information if the receiver possesses reference data that can be used to trace back and identify an individual.

Sensitive personal information in the EU refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life. Other types of data can also be considered sensitive in certain countries, and their use may be subject to strict rules.

EU data protection

In the EU, personal data can be gathered under strict conditions and only for a legitimate purpose. It must be protected from misuse, and the rights of the data owners must be respected. Personal data may only be transferred from the countries in the European Economic Area to countries which provide adequate privacy protection. Individuals also have the right to obtain redress if their data is misused.

Global view of Data Protection Laws (Source: IAPP)


When collecting personal information, companies need to know, for instance,

- how the data can and must be handled

- what the consumer rights are

- what the conditions for data transfer across country borders are

- what the company's responsibilities are when using subcontractors

- how information may be used for direct marketing

- how location or behavioral data can be used

- how to protect the data from misuse

- etc.

The laws and expectations of different countries, cultures and people must be taken into account.

In the case of a data breach, fines and compensation can be substantial and a danger to both the finances and the brand of the company.

It should also be considered how consumer data can be used while respecting the individual and paying attention to ethical and legal requirements. Every company should have a privacy policy and privacy notice that answer these questions for both internal (employees) and external (customers and consumers) audiences.

Information security

Information privacy refers to the handling, controlling, sharing and disposal of personal information, while information security includes a wide range of both physical and administrative activities that protect any type of information. “You can have security without privacy…but you cannot have privacy without security.” For example, a computer with solid access controls may be secure. However, if the access controls were not assigned correctly, privacy may become an issue.

Many different actions can be taken to ensure information security, from hardware safeguards and security controls to least-privilege and need-to-know access controls, as well as external threat management against, for instance, malware, social engineering and phishing.

Bigdatapump data governance and privacy consulting

The Bigdatapump team supports your company in defining the identity management and data capture framework, including legal and privacy recommendations and best practices.
