Last week TRUSTe held a webinar, “Privacy Shield Self-Certification – What’s Next?”, as part of its Privacy Insight Series. If you missed the webinar, you can still sign up to receive the on-demand recording and the slides.
Our speakers, David Fowler, Chief Privacy & Digital Compliance Officer, Act-On Software; Amanda Gratchner, Global Privacy Counsel, NAVEX Global; and K Royal, Senior Privacy Consultant at TRUSTe, discussed several different ways to enhance everything from your policies to your Privacy Impact Assessments by leveraging your Privacy Shield Certification. They also discussed how to use the Certification toward compliance with other frameworks, such as the EU General Data Protection Regulation (EU GDPR).
Here are three practical tips our speakers shared:
1. Create a Uniform Destruction and Retention Policy.
When conducting your data mapping and inventory exercise, pay special attention to destruction and retention policies so that any replicated data is treated the same.
2. Simplify Privacy Policies.
Eliminate any policies with grandiose language that cannot be enforced. Make re-certifying next year easier by fine-tuning your policy as the organization changes.
3. Better Manage Vendors.
Feed subcontractor audit methodology into your PIAs so that your privacy program becomes an overarching framework covering the entire data lifecycle.