Ever since Europe's General Data Protection Regulation (GDPR) entered public consciousness, tech companies have been aware of the rapid change in the field of data compliance. The shakeup from this particular piece of legislation won't be the last one the industry faces. As more and more governments look at technology providers as data brokers, the industry will likely see increased calls for compliance.
Staying one step ahead of these compliance regulations is essential to the long-term success of a tech company. Thirteen members of Forbes Technology Council expound on the ways that tech companies can stay ahead of the curve in the wild race against data compliance regulations.
1. Conduct Daily Research
I am a big fan of daily research. I don't want things to slip through the cracks so I have a lot of Google news feeds coming my way, and GDPR is one. I want to know right away if there are updates or new compliance regulations. Set up Google alerts to make sure you review the information daily and dig into the details as they arrive. - Christopher Carter, Approyo
2. Get Familiar With Key Concepts
There's more to GDPR than simply fixing your website. As a set of concepts, it has to become part of your organization from the ground up. Get familiar with the various departments that GDPR will impact, such as IT, marketing, human resources and security. Understanding key terms such as data controller, data processor and personal data will ensure you understand exactly what's needed to comply. - Dawson Whitfield, Looka (formerly Logojoy)
3. Follow The News And Join Tech Meetups
If tech leaders put themselves in users' shoes and use common sense to avoid invading users' privacy, they'd most likely be following regulations. And no matter what else you do, do not forget to ask permissions explicitly. Moreover, following news headlines and joining a tech meetup will help them stay on top of data privacy regulations. Tech meetups are an efficient way to know more in less time. - Vikram Joshi, pulsd
4. Look Into The Core Of Privacy Regulation
Even though there are many security regulations, most of them have a few things in common -- things like, is there control of who has access to regulated data, where is the regulated data located and does the policy describe workflows in detail. When you understand the core of a privacy regulation in general, it's much easier only to pay attention to peculiarities of a particular one. - Ilia Sotnikov, Netwrix
5. Join A Data Privacy Group
One suggestion that I have for IT and security leaders to stay in the know about data privacy regulations and compliance is to follow the International Association of Privacy Professionals. They provide up-to-date information about the ever-changing landscape of privacy regulations and laws. - Terence Jackson, Thycotic
6. Consider Outside Expertise
It can be very difficult for businesses to keep up to date with complex, ever-changing regulations. Payments, shipping, fulfillment, data security -- there's just too much on one's plate for in-house management to be effective in every case. Outsourcing some business operations to a third party that's dedicated to solving specific, nuanced problems can make compliance much easier to maintain. - Monica Eaton-Cardone, Chargebacks911
7. Hire A Compliance Officer
There are many compliance requirements in every industry. Companies that can afford it are best served by having a compliance officer. Those that cannot afford it should outsource their compliance to companies that specialize in this. For quick updates, I highly recommend checking regulators' newsletters and updates straight from their site. Other sources might not be up to date. - Afshin Doust, Advanced Intelligent Systems Inc.
8. Set Up A Digital Ethics Council
While GDPR focuses on data privacy, there is an increasing focus on the ethical use and fairness of AI. Tech leaders can stay ahead of the compliance curve by developing ethical frameworks for their applications -- including considerations for intended use, recognizing sources of unconscious bias (e.g. in data and teams), governance to oversee automated operations and data security. - Sanjay Srivastava, Genpact
9. Get Involved
Join committees and get involved in the actual policy-making process by contributing thought leadership. That way, you'll also know what's changing as it happens. - Jon Bradshaw, Calendar
10. Follow The Word On The Street
Log onto message boards and follow social media influencers. Now more than ever, the crowd is leading the drive for change from the grassroots up. Keep your finger on that pulse and stay ahead of the game. - Jose Morey, Liberty BioSecurity
11. Get Familiar With CCPA
While GDPR affected companies that do business in Europe, a lightweight version got passed in the state of California. The California Consumer Privacy Act (CCPA) takes effect January 2020, so it's time for even those only doing business domestically to understand and comply. This privacy act will serve as a precedent for privacy law changes at a national level. Be prepared. - Steve Pao, Hillwork, LLC
12. Keep Communication Open With Foreign Countries
Reach out to countries that you have a stake in and gather information from reporting agencies or trade agencies. Generally speaking, most governments want you to comply with their new regulations and want to make it easy to do so. By being in the loop, you can not only know about regulatory deadlines, but also if they are moved, as they often are. - Marty Puranik, Atlantic.Net, Inc.
13. Create A Checklist
Have someone on your team create a detailed GDPR checklist and make sure it's updated on a regular basis either by that individual or yourself. To stay up to date, consider setting a Google alert for the term. You can then distribute this checklist to all of the members on your tech team so that you can make sure everyone is up to date and staying compliant. - Thomas Griffin, OptinMonster
