Fonte: Tech Radar
1. Policy: It’s imperative that companies continually design and refine all privacy policies, notifications and website verbiage to ensure they’re communicating data privacy information effectively to their community. Make sure information is always clear, consistent and easily communicable.
2. People: In addition to employing data privacy professionals such as DPOs, companies need to prioritize data privacy training for their employees. Just as cybersecurity policies and training programs are enforced, good data privacy hygiene must be instilled throughout organizations and the consequences of failing to adhere to data privacy best practices should be made abundantly clear.
3. Process: Just as companies conduct audits for financial purposes or code reviews for engineering efforts, implementing clear processes for the handling of customer and employee data is critical. Practice discipline and rigor here, as companies need to know for certain if anyone in the organization is capturing data without a clear purpose of use and/or if they’re sharing data beyond permitted boundaries.
4. Product: Lastly but perhaps most importantly, companies need to leverage products to automate key components of data privacy and demonstrate compliance to regulators. For instance, privacy impact assessments (which determine whether the data being collected complies with relevant regulatory and compliance requirements), data subject reports (which determine the type and amount of data being housed per individual), records of processing activity (which determine how data is being used), and consent reports (which determine what consents have been granted from data subjects) can all be automated to ensure continual data privacy compliance.
Clique aqui e leia a matéria completa.