Nobody knows what the future looks like, but new mega trends, new business ideas, and threats are arising every day. Companies are looking for their position in the market and defining if they want to be trend-setters, early adopters, or those who observe the changes a bit longer before they decide. One way or the other, all companies innovate new business ideas and products, some at a faster pace and some slower. As a consequence of these new business ideas and products, the available information systems and data often change as well. This sets requirements for the privacy area, which is easily forgotten.
The privacy area is challenging. Despite the GDPR requirements already being there for several years, the decisions and the imposed fines issued by the authorities in different European countries refine the interpretation all the time – in my opinion, to the stricter direction. That is a good reason to monitor the decisions and adapt the processes according to them all the time. Lately, for me, one of the most important topics to follow has been related to valid “consent” and how it should be seen in digital services. If we are talking about cookie consent mechanisms, is it as easy to decline all cookies as it was to consent to them if you have to go to a separate cookie settings page and scroll down tens and tens of cookie settings to finally find the button “Decline all”? If we are talking about web analytics, can an obtained cookie consent be a valid legal basis for international data transfers to third countries? If you are providing digital services when is the obtained consent on a granular level enough? And do you have a process for withdrawing consent every time when it is used as the legal basis for processing personal data? I can assume most business leaders won’t dedicate their time to these details when having a bright vision for a new product idea. That is the moment when you need expertise in this area.
When the new service and product ideas are refined to new business processes, our privacy team is there to support you, – regardless if you need help in evaluating the compliance of new vendors or new systems, training for the stakeholders from new owners to new individual systems owners who have not had responsibilities in privacy area before or if you need to plan the processes how the data subjects’ rights are fulfilled. “Privacy by design”, from the first moments of a new product or service development project is a lot easier to build and maintain than investigate and correct the gaps afterward.