How does a data protection officer build trust in Customers through Privacy engineering?

Today, we are at the centre of a change in the business ecosystem that is re-defining the way we work and communicate from distributed locations, the pace of digital evolution, the evergrowing security challenges, and guidance from regulators. Tejasvi Addagada, the data protection officer of a large Indian Bank, says that this new normal has resulted in the accumulation of data, increased processing, and the natural evolution of new technology like the cloud that can store and process vast data with ease. As data available to organizations is increasing exponentially, there is a need for privacy technology that can actively manage responsible curation and management of personal data. Most organizations are looking to manage and govern the personal data for active focus on customers’ needs as well as to reduce their anxiety in receiving services. There are laws like the General Data Protection regulation that guide how data can be collected from customers and then managed within their rights. Also, Tejasvi states that the general principles of corporate Governance are aligned to foster and sustain an environment of accountability, transparency, and trust, thereby supporting a more purposeful society. Data protection and privacy bolster this cultural change as a perceived qualitative facet that cascades from an enabling yet controlled environment.

Now, in this fast-paced environment doing business has become complex, driven by pointed guidance from legislators and increased digital competition. You can consider the opportunity to use a trust framework to prepare for upcoming regulations by embracing a benefits-based and offensive strategy. Such an overarching framework provides guiding thoughts to the privacy requirements as they get translated operationally into a controlled environment.

More often, organizations kick-start a data protection program by publishing a privacy policy or a notice to customers that provides information on the type of processing of personal data. Issuing a privacy policy in an easy-to-understand means to customers is generally a lucid cascade of the principles or ethics within the organization to customers. However, before publishing a privacy policy, a best practice is to understand the purposes and processing activities associated with personal data across business domains through a privacy impact assessment. As an organization formalizes the privacy function, a process can be defined on the curation on the type of personal data collected from data subjects, it's processing as well as stored and disposed of. A policy can provide further information about how customers can exercise their data protection rights. A further extension on digital channels around privacy policy is a cookie notice that provides more information about what information cookies use and how to provide preferences.

As we translate a trust framework into implementable layers across people, processes, and technology capabilities, it becomes easier to implement a controlled environment. The people capabilities are associated with guidance through internal policy and customer privacy policy, maintaining customer data accuracy, preferences on data processing, customer requests for personal data, and a single view of customer relationships.
We can associate the next layer of process capabilities by designing changes with privacy thinking at the core, classifying data, maintaining the purpose of the processing as well as confidentiality, integrity, availability of personal data. Further, internal and third-party personal data processing can be related to contracts, data ownership, and stewardship. The final layer being the technology capabilities can be associated with data security controls,

Application classifications, managing access controls, monitoring logs for data transfers, discovering and cataloging data, retention management etc.

Follow me on LinkedIn and Twitter or on my website

A data strategist solving customer centric challenges through digital technology, data engineering and data governance to monetize data for new revenue streams