How to Survive the Coming Data Privacy Tsunami

Author KRISTINA PODNAR is a digital policy innovator. For over two decades, she has worked with some of the most high-profile companies in the world and has helped them see policies as opportunities to free the organization from uncertainty, risk, and internal chaos. Podnar’s approach brings in marketing, human resources, IT, legal, compliance, security, and procurement to create digital policies and practices that comply with regulations, unlock opportunity, strengthen the brand and liberate employees.

Just as we have gotten used to the idea that the EU’s General Data Protection Regulation (GDPR) is a fact of life and have made modifications in our data collection procedures, the Brazil General Data Protection Law (LGPD), the California Consumer Privacy Act (CCPA), and waves of proposed new data privacy laws are swirling in the calm forewarning of a privacy tsunami heading our way. In the middle of such deep acronym swirls, it could be easy to be overwhelmed. However, all the privacy regulations share a number of commonalities, and by addressing these now, you will be on high ground as the waves begin to pound.

The compliance life raft

While you will need to pay attention to the details of individual data regulations as they arise, whether already adopted, pending adoption, or only proposed, all the regulations share certain commonalities that you should consider addressing as part of ongoing operations.

Accountability and governance

At the heart of data privacy requirements is the aim to have organizations develop a plan to self-manage data in a way that respects end users. To address accountability and governance requirements in your organization, consider whether you have:

  • Reviewed the applicability and risk to the organization from data privacy issues, and considered alternatives, including insurance, in case you are fined?
  • Mandated that data privacy become part of the policy program, including staff training, measurement, and compliance reporting?
  • Clearly documented roles, responsibilities, and reporting lines to embed privacy compliance?

Consent and processing

A fundamental privacy regulation concept is that end users are aware when and why their data is collected, and what happens to it once it’s given. To address these requirements, ask yourself whether you have:

  • Reviewed that the data being collected and used is necessary and for the benefit of completing a desired action by the user?
  • Identified sensitive data and ensured it is treated as such through the use of special encryption or by validating vendor storage practices for sensitive data, etc.?
  • Confirmed that user consent for data collection is clearly captured and documented, and that user data can be modified or erased?

Notifications and data rights

Gone are the days of legalese or simply taking data from users because we can. Data privacy regulations require transparency, user awareness, and forthright behavior by businesses. To ensure you get this right, ask yourself whether the organization has:

  • Written user notices clearly so they can be easily understood—properly targeted to children where relevant—and are reflective of specific data collection and usage purposes?
  • Updated the internal organization’s data privacy policy to clearly state the rights of prospects and customers regarding the collection and processing of their personal data?
  • Created and tested processes to correct and delete all user data if needed?
  • Developed a solution to give users their data in a portable electronic format?

Privacy design

Organizations that treat privacy as a core design principle will always be in alignment with data privacy regulations. In my consulting experience, I see many self-disciplined organizations that have historically had good privacy practices and have little to address with each new law. To get to that state, ask whether you have:

  • Created or updated the policy and associated process to embed privacy into all technology and digital projects, including those outsourced to vendors and partners?

Data breach notification

For many organizations, the question nowadays isn’t whether the organization will have a breach, but rather when will it happen and how will they respond. To address regulatory breach aspects, ask whether the organization has:

  • Created (or reviewed and updated an existing) data breach policy and response plan to reflect detection, notification, and the actions to mitigate loss?
  • Considered and obtained insurance for a possible data breach and regulatory penalties that the organization may face but not be able to handle on its own?
  • Incorporated data breach terms and requirements into all vendor and third-party contracts?

Data localization

New data privacy regulations state where data must physically be stored and, if it is transferred to another country, what the requirements are for doing so. Your organization will be well positioned to meet this requirement if it can answer:

  • Have we identified and updated all cross-border data flows from the country where the data is collected, and reviewed data export for on-premise and cloud solutions?

Children’s online privacy considerations

Data privacy regulations are concerned with end users, but are even more strict about children and their online data protection and rights. It is best to get ahead of these issues by asking whether the organization has:

  • Defined what data it collects from children, whether as a business practice or through efforts like “take your child to work day”?
  • Written user notifications and online privacy statements in a way that a child could understand them, and stated in them that parental consent is required?

Contracting and procurement

Most businesses may struggle to understand exactly what personal user data is collected via websites, mobile applications, and other digital platforms, especially through third-party software solutions and vendors. To make sure that your organization isn’t caught out, ask whether you have:

  • Reviewed and ensured that all vendors, customers, and third-party agreements reflect data regulatory requirements?
  • Defined procurement processes such that privacy is integrated into all products and services the organization buys, including regarding data minimization, the visibility of onward data flows, and data ownership?

 

 

Six Actions to Take Now to Update Your Executive Resume

By Lisa Rangel

The executive recruiter calls with a job that sounds as if it was written just for you.  The more the recruiter describes the position, the more excited you get. Then she ends the call with, “Great!  Send me your resume and I’ll submit it to the company.”

Duh!!!

That’s the moment you realize that you haven’t updated your resume…What do you do?

Here are six actions you can take to update your executive resume pronto: 

  1. Ask the recruiter what top three achievements the prospective employer wants from the next hire. Next, be sure you have measurable achievements listed that demonstrate how you either have done these accomplishments already or are positioned to do these wins as next steps in your career. Speak to what the employer needs and what the recruiter says is important in the form of achievement-based bullets in your resume. A few tips for doing that include focusing on CAR or STAR formats. CAR stands for Context, Action, Result. The objective is to introduce a problem that you solved by providing the story behind it. STAR (Situation, Task, Action, Result) is similar insofar as you are also telling a story and highlighting how you are the hero in a situation: https://chameleonresumes.com/how-write-achievement-based-executive-resume-bullet/
  2. Make sure your contact information is updated. Current phone number (mobile) and email. You won’t need to include your physical address to send your resume to a third party recruiter in most cases. Be sure to include your LinkedIn profile vanity URL.  Here are instructions on how to create your Vanity LinkedIn URL: https://www.linkedin.com/help/linkedin/answer/87/customizing-your-public-profile-url?lang=en
  3. Ensure the target position you just discussed with the recruiter is reflected in the title of your resume.  Don’t start this summary section with the word “summary” or “objective.”  Use the title as the title. This will visually reinforce to the reader that you want to do what they need.
  4. Freshen up the font.  Gravitate towards a font more modern while still conveying an executive feel, such as Calibri or Arial Narrow.
  5. Update the visual element to your resume. Include subtle touches of color in the form of a separator line between sections. Refrain from using graphs and tables. Keep the layout simple, yet elegant, when doing your resume yourself.
  6. Employ the use of white space in your resume. Break up blocks of information and use short sentences with numeric- and results-driven content. Know that readers digest your resume in 6-second increments, so you want to write digestible morsels to keep them reading and motivated to call.

Ideally, you want to be ready with a resume BEFORE that recruiter call comes. But let’s face it, most of us will do it under pressure after the call comes.  So these steps above will have you updating your resume and sending it over to the recruiter in no time! Also, remember companies that specialize in executive resume writing and consulting can be a big help when it comes to updating a resume quickly.  You never have to do it alone.

ABOUT LISA RANGEL

Lisa Rangel, Founder and Managing Director of www.ChameleonResumes.com, LLC (a Forbes Top 100 Career Website), is a Certified Professional Resume Writer, Job Landing Consultant & 13-year Recruiter. She’s been featured on CNN Business, Fast Company, Business Insider, Forbes, LinkedIn, CNBC, Time Money, BBC, Newsweek, Crain’s New York, Chicago Tribune, eFinancialCareers, CIO Magazine, Monster, US News & World Report, Good Morning America, Fox Business News, New York Post, and other reputable media outlets.