Building and sustaining your data privacy program
Hi, I am Orson Lucas and I am one of the leaders of KPMG’s U.S. Privacy team and I’d like to spend some time talking to you about the trends that we’re seeing in Data Privacy.
Over the past few years, there’s been a sea change around data privacy. Globally, GDPR which is currently in effect, and current and emerging regulations in China, Brazil, India, and Russia all create a global complex landscape for global companies to navigate. Consumer companies with a presence in the United States are further challenged, with the pending implementation of the California Consumer Privacy Act (CCPA), which is effective on January 1st 2020, as well as other proposed privacy regulations in close to a dozen states. Rather than playing defense and chasing compliance with individual regulations, KPMG works with companies to establish a principles-based, proactive privacy posture that focuses on empowering stakeholders to use data in a way that can be accretive to customer growth and enriches the customer experience.
In our experience, building a privacy program from the ground up, and fine tuning a program within the diverse and complicated environments in which many of our customers operate can be a daunting proposition.
It is important to start early and leave ample time to address what are inevitably more complicated issues than anticipated. At the same time, it’s important to start with a solid, practical plan and clearly defined ownership and governance. We recommend organizations focus on five major privacy program capabilities to help streamline and demonstrate compliance, but as importantly, to build a program that is sustainable and agile.
These capabilities include the following: