Preparing for the CCPA Without Boiling the Data Ocean
Founder and CEO
To meet GDPR EU General Data Protection Regulation’s Article 35 of conducting privacy impact assessments, most companies took a “bottom-up” approach and tried to boil their data ocean by conducting assessments for every system they had. They threw a wide net to identify all systems in their organization that contained personal data, including the enterprise tech stack and shadow IT functions. Then, they set out to create an assessment for each one, including the data elements and repositories. Months and months later, that ocean was pretty darn hot as the GDPR compliance date approached and the unending task was incomplete.
The good news for companies working to meet California Consumer Privacy Act requirements is that you don’t need to create PIAs. So, instead of initially conducting time-consuming reviews of every data store and process, you can focus on just the systems that directly impact the critical operational challenges of the CCPA – subject rights requests. You can work from a “top-down,” approach with a goal of processing timely, accurate and clear SRRs, and only initially targeting the systems that directly impact customer data and communications.
Tune into this educational web conference to hear from experienced privacy professionals about how you can work efficiently and practically to be in legal compliance with existing privacy laws. You’ll hear about how you can save time and resources by employing specific practices and procedures.