Preparing for the CCPA Without Boiling the Data Ocean
To meet GDPR EU General Data Protection Regulation’s Article 35 of conducting privacy impact assessments, most companies took a “bottom-up” approach and tried to boil their data ocean by conducting assessments for every system they had. They threw a wide net to identify all systems in their organization that contained personal data, including the enterprise tech stack and shadow IT functions. Then, they set out to create an assessment for each one, including the data elements and repositories. Months and months later, that ocean was pretty darn hot as the GDPR compliance date approached and the unending task was incomplete.
The good news for companies working to meet California Consumer Privacy Act requirements is that you don’t need to create PIAs. So, instead of initially conducting time-consuming reviews of every data store and process, you can focus on just the systems that directly impact the critical operational challenges of the CCPA – subject rights requests. You can work from a “top-down,” approach with a goal of processing timely, accurate and clear SRRs, and only initially targeting the systems that directly impact customer data and communications.
Tune into this educational web conference to hear from experienced privacy professionals about how you can work efficiently and practically to be in legal compliance with existing privacy laws. You’ll hear about how you can save time and resources by employing specific practices and procedures.
Founder and CEO, WireWheel
Justin is recognized as one of the leading experts on privacy and data protection. Prior to WireWheel, he led a number of important international dialogues as Acting U.S. Under Secretary on privacy, including the EU-US Privacy Shield negotiations and GDPR outreach.
Knowledge Manager, IAPP
In his role as Knowledge Manager, Dave Cohen oversees content contributions from the many privacy professionals actively engaged with the IAPP. These collected works of expertise are shared with IAPP members and the general public through our Privacy Perspectives and Privacy Tracker blogs, The Privacy Advisor newsletter, web conferences and live events throughout the year.