de
fr
es
ja
Data Governance & Privacy

Data Governance: 5-Step Checklist for Success

Hilary October 5, 2016
Back to Blog

In May 2018, the General Data Protection Regulation (GDPR) will take effect, enforcing all organizations to be compliant. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the GDPR’s legal emphasis will be crucial both for businesses and organizations operating across borders in today’s digital economy.

How will you balance providing a seamless customer experience with the increasing responsibilities in data privacy and security? 

As we continue  to see an increasing number of high-profile data breaches, brands are recognizing the long-term impact of how a data breach can lead to a loss of consumer confidence — not to mention massive financial implications.

Vigilance is the key. From the vendors you choose to work with, to the policies and procedures in place, here are five steps to jump-start your data governance strategy and ensure successful integration across your organization.

STEP 1: Due Diligence
Audit data flows to determine who has access and where data is going.

Business Team Technology Team
  • Identify vendors in use
  • Validate vendor access
  • Review current contracts
  • Audit vendor technology
  • Review vendor policies
  • Remove non-compliant or unused vendors 

 

 

 

 

 

 

 

 

 

 

STEP 2: Data Inventory 

Build a data inventory to understand what personal data your organization collects, where it is stored, how it is protected, and who may have access to it.

Business Team Technology Team
  • Agree on data sensitivity both from a legal and experience perspective
  • Agree on the data needed to run marketing vs. operations
  • Document data requirements for running the business
  • Document where the data stored (Customer Data, Campaign Data, Enterprise Data)
  • Ensure that data handling is in compliance with business policies and legal requirements
  • Check vendor integrations

know-your-data-types

 

 

 

 

 

 

 

STEP 3: Build Controls
Develop policies and procedures to provide clear and accurate notice of data usage both internally (policy and process) and externally (notification and terms and conditions).

Business Team Technology Team
  • Verify proper contacts with vendors
  • Create governance policies and processes
  • Update external and internal communication
  • Configure vendors for ‘least-access’
  • Create data audit guidelines and tests
  • Test and audit internally for compliance
*Ensure employee training across the entire organization

 

 

 

 

 

 

 

 

 

STEP 4: Data Governance Panel
Work across the organization to activate against internal processes for both business and technology teams to move forward.

Business Team Technology Team

Communicates with Technology on:

  • Needs to drive marketing and customer experiences
  • Legal ramifications of non-compliance
  • Expectations of the business on technology

Communicates with Business on:

  • Best practices with access, transmission and storage of data
  • Protects the data and the customer from ‘bad’ players (internal, external, partner)
  • Enables business within reason

Collection Directive

 

 

 

 

 

 

 

 

 

 

STEP 5: Provide Clear and Accurate Notice
Ensure transparent and explicit consent (opt-in) and communicate usage across the organization, customers and vendors.

Business Team Technology Team
  • Update Privacy Policy to reflect data usage (i.e. cookie policy, IP usage)
  • Provide means for opt-out across all marketing
  • Communicate with technology on evolving data usage
  • Provide customers with Explicit Opt In/Out
  • Ensure ‘Right to be Forgotten’ and general data deletion directives
  • Communicate to Business and Vendors of compliance changes or lack of

It's everyone's responsibility

 

 

 

 

 

 

 

 

 

 

In an era when providing a personalized experience is paramount, customer data can be vulnerable to many outcomes. Organizations must be proactive to mitigate the risks that could potentially expose sensitive information. There are five ways to  promote an organization-wide tenor of consumer confidence and to ensure that the value exchange of data is safeguarded. From a vendor standpoint, data should be audited to determine who has access and where the steady flow of information is going.  The strategic parameters for your business and technology teams must be defined.  Build a data inventory to understand what personal data your organization gathers is essential. Where does it live? Who in the organization has access to that information. And what kind of data is it — first, second, or third-party? Organizations should develop the policies and procedures that provide built-in controls for the usage of that data once it is defined for each case. Make sure that the vendor is working hand-in-hand to reach a level of business expectation that serves the customer experience. What’s in it for everyone? Lastly, ensure transparent and explicit consent of that information and communicate usage across the organization, customers, and vendors.


Learn more about how to make sense of the current legal landscape and how to provide these safeguards to your customers in our webinar: 5 Steps to Building your Data Governance Plan.

Download our Data Governance Checklist: 5 Steps for Balancing Customer Experience with Privacy & Security.

Post Author

Hilary Noonan
Hilary is Director of Content at Tealium.

Sign Up for Our Blog

By submitting this form, you agree to Tealium's Terms of Use and Privacy Policy.
Back to Blog

Related Content

Data Governance & Privacy
April 1, 2024

Your Guide to The New Office for Civil Rights (OCR) Guidelines Regarding the Use of Online Tracking Technologies

The bulletin released by the Office for Civil Rights at the US Department of Health and Human Services (HHS) in October 2022 offered specific guidelines regarding the use of online tracking technologies by HIPAA. This led to a major overhaul in how HIPAA-regulated entities performed online visitor tracking and analytics. Following the bulletin, the American […]
Read More
Nirmal Vemanna
Data Governance & Privacy
February 8, 2024

How The Rise of Pen Register Lawsuits Impacts California’s Online Landscape

In recent developments in California, a novel legal trend is reshaping the dialogue around digital privacy and website user tracking. Over fifty class-action lawsuits have been initiated since November 2023, targeting website operators for allegedly installing software that acts as an illegal “pen register.” This marks a significant shift from previous legal challenges that predominantly […]
Read More
DJ Landreneau
Data Governance & Privacy
January 28, 2024

Derisking Data: Regulatory Milestones Shaping the Use of AI and Data in 2024

In 2023, the global digital economy underwent a notable evolution arising from advances in AI, data governance, multilateral digital capacity building, regulatory sandboxes and several legislative developments.  In this first instalment of a two-part ‘Derisking Data’ blog series, gain insight into 5 key regulatory developments that will redefine the contours of AI and data usage […]
Read More
Anna Koleth

Want a CDP that works with your tech stack?

Talk to a CDP expert and see if Tealium is the right fit to help drive ROI for your business.

Get a Demo
9605 Scranton Rd. Ste. 600
San Diego, CA 92121
+1 (858) 779-1344
By submitting this form, you agree to Tealium's Terms of Use and Privacy Policy.
9605 Scranton Rd. Ste. 600
San Diego, CA 92121
+1 (858) 779-1344
Solutions
Products
Resources
Company
Industries
Partners
Support
Legal