Data privacy is something that no organization can ignore; global data privacy laws are forcing all businesses to change the way they collect, manage and use consumer data. Under legislation, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), businesses are liable for non-compliance and data leakage, whether accidental or malicious, which can lead to lawsuits and significant fines. Learn more about the CCPA and GDPR mandates here.
Compliance enablement and audit
There are steps you can take towards ensuring compliance within your organization:
- Enable website functionality to meet the CCPA and GDPR data privacy requirements
- Implement third-party provider controls
- Update data breach policies and measures
- Evaluate security measures
- Conduct data inventory, mapping and audit
- Create internal data subject request policies to respond in a timely manner with required information
- Review and update vendor agreements
- Provide methods for data subjects to make requests
- Line up C-level executive support and budgets
To stay compliant with global data privacy laws, and in case action is ever taken against your organization, it is essential that you are able to prove compliance and provide evidence of actioning data requests. This differs based on the law in question.
Global data privacy enforcement
Consumers must be given the power to control what happens with their data, and organizations have an obligation to protect that data against unauthorized collection or theft.
Ensighten MarSec™ enables client-side compliance enforcement in line with the CCPA and other global mandates, including the GDPR.
Through our data privacy solution, organizations have the ability to enforce compliance in real time and provide the following functionality:
- “Do Not Sell My Personal Information” and “Opt-Out” of data collection functionality and activation (CCPA)
- Global consent enforcement for data collection (GDPR)
- Disclosure and choice selection for categories and types of data collected and sold (tracking, site personalization, social media), including documentation of where information is sold and each third party (CCPA and GDPR)
- Full event-level reporting and compliance audit on opt out, notice, collection and erasure of data (CCPA and GDPR)
- Control of third-party website technologies to prevent unauthorized data collection and tag piggybacking (CCPA and GDPR)
- Monitoring and blocking of malicious code injection (CCPA and GDPR)
- Support of native user consent experience, enterprise compliance and risk solutions (CCPA and GDPR)