February 23, 2021
We recently hosted a webinar on data compliance in 2021. If you’ve got any questions about staying compliant this year, it’s definitely worth a watch. If you’re after an overview of the webinar, you’re in the right place.
The panel for this webinar consisted of four business and legal experts:
Aksa Kalam kicked the webinar off with a section on GDPR compliance.
“GDPR exists to give people more control over their data, and set out ways in which companies must process the customer data they hold.” - Aksa Kalam
The key takeaway here is legitimate interests.
That is, processing of data that is necessary for the legitimate interests of the controller (or a third party), except where such interests are overridden by the interests, fundamental rights, or freedoms of the data subject which require protection of personal data.
Aksa also covered the ways in which Cognism stays GDPR compliant, which include:
“This is a California state law. It might not apply to your particular business. It depends on the proportion of your revenue coming from monetising profiles in California.” - Eitan Jankelewitz
The CCPA is much more focused on the trading of data.
Eitan covered the ways in which Cognism stays CCPA compliant, which include:
“The new UK data protection framework obligates businesses based outside of the UK, reaching out to UK markets, to appoint a representative in the UK.” - Aksa Kalam
There are now two legal provisions which may mandate businesses to appoint representatives: UK GDPR and EU GDPR.
At the moment, the UK is seeking adequacy from the European Commission. If it’s granted, there will be no special authorisation required and personal data will continue to flow freely from the EU to the UK.
In the event of no adequacy, we will have to rely on “appropriate guarantees” to ensure a sufficient and appropriate level of protection for personal data transferred from the EEA to the UK. These appropriate guarantees include:
In this section, Vincent Delamarre discussed data management and governance.
“You have to protect your data and make sure it’s compliant. There are three things you need to be aware of: documentation and process, automating consumer rights and securing personal information.” - Vincent Delamarre
Let’s break those down a bit.
Documentation and process start with a compliance policy. It’s about what you consider to be personal data, and how long you plan on keeping your data. There are guidelines for this, but it’s also about how you tailor it to your situation.
You need to ensure consumers have the Right of Access, the Right of Erasure and the Right of Portability.
Consent expires after a certain amount of time, so you have to make sure data is not kept past its personal data lifecycle.
The amount of time varies depending on location and what is considered legitimate in a particular business.
The requirement is that personal data is not held any longer than necessary. When it stops being useful, best practice is to have an automation set up to remove it. This could be done after a certain amount of time or number of touch points.
Cognism offers a service called Refresh, where expired data can be updated. This will add value to your data set while meeting GDPR requirements.
The last security measure you need in place is data breach detection. You must have a system in place to alert you if there’s been a data breach. The penalties for not acting on a breach can be very severe.
In accordance with everything spoken about, here are a few of the best practices adopted by Cognism:
If you’d like to go a little deeper on the topics mentioned in this recap, be sure to listen to the full recording. It’s packed with expert insights, including a section on predicting the 2021 landscape and an in-depth Q&A.