Data privacy. It’s quickly turning into the business world’s buzziest buzzword.

With privacy regulations becoming both more common and more robust, and consumers increasingly expecting more control over their personal information, you don’t have any time to waste in building your privacy program. After all, data privacy is complicated. It’s normal to feel overwhelmed, confused, and like you have a thousand questions before you even start.

So what do you need to know? We’ve compiled a list of the top 6 most common questions our clients bring to us.

Fair warning: just like a conversation with a three-year-old, some of these questions lead to more questions.

#1—Can we understand our own privacy policy?

Another question that goes with this one (I warned you!) is “When was the last time you read your privacy policy?”

New laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) mandate updated, transparent privacy policies that explain how you are collecting and using consumers’ personal information and/or customer data.

If you want to both comply with regulations and meet best practice standards, you’ll ditch the four pages of dense legalese in your old policy and upgrade it with a new policy full of user-friendly language that clearly details your data collection policies. You might also think about creating a visual representation of the summary points, like a colorful infographic that uses icons and boxes to explain data use and collection.

One more question that comes with this one—do you know the last time your cookie banners were updated? If not, read the steps above, rinse and repeat.

#2—What do we know about the data we collect?

Ready for a laundry list of questions that fit with this one? Here goes:

  • Do we know what personal data we are collecting?
  • Are we collecting data we don’t need?
  • Do we know where and how long data is stored?
  • Do we know what we are doing with the data we collect?
  • Do we know who has access to sensitive data like a phone number or birth date?
  • Do we know who we share our data with?

These questions may seem overwhelming, but the answers will give you the roadmap you need to build a compliant, agile privacy program.

Having crystal clear insight into the lifecycle of a data record in your system will help you identify where your data is at high risk of being compromised, where your program is out of compliance, and which of your vendors are safe to use.

#3—Do we design our tech stack with privacy in mind?

Here’s the deal—it’s easier and more cost-efficient to build a privacy-friendly system from the ground up than it is to try to squeeze the functionality you need out of your existing setup.

Think of it like building a swing set. Instead of reading all the instructions, you throw it up in two hours on a random Thursday night. Two days later, you hear a dramatic screech every time your kids swing and you find a big crack down one of the support posts, all because you used the wrong screws and cemented it on an unlevel surface.

Here’s why you need to get your tech, data security, marketing, and privacy teams all involved in designing your IT infrastructure:

  1. If you start out with privacy in mind, the programs you select and the processes you develop will be more agile and better able to quickly adapt when privacy laws/best practices change (which, trust me, they will).
  2. You’ll have to do less re-training for your employees, since they will already be following workflows focused on securing data.
  3. All your teams will have ownership of your privacy program, making them more committed to following through on training, engagement, and compliance initiatives.

(Bonus: this question didn’t have another question. You’re welcome!)

#4…

Read The Full Article at Red Clover Advisors