3 Data Privacy Mistakes to Avoid
The topic of the General Data Protection Regulations (GDPR), and data privacy in general, can be overwhelming and confusing. As a company that’s based in Germany, we’ve been beholden to the regulation since it was put into practice in May 2018. We’ve learned a few lessons along the way and aim to share our experience with you.
By loading the video, you agree to YouTube's privacy policy.
Learn more
OTRS COO Christopher Kuhn has overseen all General Data Protection Regulation (GDPR) related projects within OTRS. Based on this experience, Christopher shared three data privacy mistakes that companies can make when they are trying to comply with GDPR or any other data privacy law, like the newly established California Consumer Privacy Act (CCPA).
Tips to Avoid GDPR Mistakesy
If you're uncertain about how to comply with GDPR, work with a consultant or your legal team to review data handling processes and put appropriate safeguards in place. In addition, consider these three tips that will help you avoid GDPR mistakes.
Tip One:
Educate Other Lines of Business
Educate Other Lines of Business
GDPR doesn’t simply apply to the IT department. Any group that’s working with personally identifiable information is tasked with GDPR compliance. Talk with marketing, HR, operations, etc. to make sure their data handling practices are in line with applicable data privacy laws.
Tip Two:
Investigate Vendors & Service Providers
Investigate Vendors & Service Providers
Chances are good that you’ve outsourced portions of your data processing efforts – hosting, payment processing, etc. Under GDPR, you are responsible for breaches incurred via service providers, so make sure yours are taking necessary precautions.
Tip Three:
See the Bigger Picture
See the Bigger Picture
Avoiding fines shouldn’t be the real goal here. Instead, understand that GDPR and other data privacy laws are calling upon businesses to be more stringent in their data handling practices. Plan accordingly.
Documentation Helps Avoid GDPR Mistakes Too
Complying with GDPR means documenting data handling processes, proving that these have been put into practice and addressing vulnerabilities swiftly. There are several phases of documentation that may help you avoid data privacy mistakes – with respect to GDPR or any other regulation. Certainly, you’ll start with written policies that are distributed company-wide. Also, map out how data is used within your company and document this too. Use these questions about avoiding GDPR fines to help guide you.
Then, start thinking about how you will demonstrate that these policies and processes have been followed. For instance, if your marketing team sends out a newsletter and a recipient requests data deletion (a right established under GDPR), how is that request captured? How can you show that all necessary deletion efforts have taken place? How can you confirm when they took place? Ticketing and workflow automation streamline this phase of documentation as they gather up requests, move them through pre-defined processes and incorporate a revision history.
OTRS serves as your partner in automating and documenting the administrative overhead that comes from implementing data handling processes.
If you're interested in having Christopher Kuhn or another OTRS data privacy expert offer input for an article or speak at an event, contact pr@otrs.com.