Consent

Considerations for choosing the right privacy tech vendor

Some organizations and SAP users choose to use a privacy tech vendor like Natuvion’s CIO-competence-center to help them achieve compliance. Five areas of support include:

  1. Privacy Assessment Management and Privacy Program Management Creation

  2. Data Search and Mapping

  3. De-identification or pseudonymization

  4. DSR (Data Subject Rights) Processing

  5. Consent Management

The International Association of Privacy Professionals is policy neutral and is the world’s largest information privacy organization. Below is a list of four items they recommend you consider when selecting the right privacy tech vendor:

  1. Working in partnership with law firms

  2. Privacy office budget

  3. Involvement of IT/CIO in decision making and implementation

  4. Ability to keep up with rapidly changing legal regulations AND rapidly changing SAP technology

Typically, privacy tech vendors are broken into two categories: the first is privacy program management (focused on privacy processes) and the second is enterprise program management (focused on technical items).

Natuvion is the only SAP privacy tech vendor that consolidates both suites of privacy management into one competence center. To learn more, contact us here.

Preparing for the General Data Protection Regulation | Why should a company act now and not wait?

Preparing for the General Data Protection Regulation: A 'Wait and See' approach is going to be pricey for US organizations doing business with the EU.

What do Human Resources departments need to know about Data Protection Policy (GDPR) when using SAP HCM or SAP SuccessFactors systems?

The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018, giving Human Resources (HR) departments just a few months to ensure that they have updated their processes for collecting and processing data about employees, former employees and job candidates.

Three important GDPR articles that HR needs to know now....

Is GDPR consent required for the use of anonymous data?

The GDPR sets very particular regulations on consent. With the new regulation coming in May 2018, companies need to be prepared for new GDPR consent mechanisms for their SAP test and QA systems. Anonymizing data in these systems makes GDPR consent no longer mandatory. Natuvion's TDA tool offers a safe way to anonymize data so that it can be safely and rightfully used while expediting the process to full compliance and without the risk of facing GDPR fines.

GDPR | Changes for Prospect Management and Prospect Consent

The GDPR changes prospect and customer engagement rules.

The conditions for obtaining prospect consent are stricter under GDPR requirements, as the individual must have the right to withdraw consent at any time. There is also a presumption that consent will not be valid unless separate consents are obtained for different processing activities.

  1. Newsletters | This means you have to be able to prove that the individual agreed to a certain action, like receiving a newsletter, for instance. It is not allowed to assume consent or add a disclaimer, and providing an opt-out option is not enough.
  2. Marketing and sales activities | Companies will have to review business processes, applications and forms to be compliant with double opt-in rules and email marketing best practices. For example, in order to sign up for communications, prospects will have to fill out a form or tick a box and then confirm it was their action in a further email.
  3. Audit Trails | Organizations must prove that consent was given in a case when the individual objects to receiving the communication. This means that any data held must have an audit trail that is time-stamped and reports information detailing what the contact opted into and how. It must also be possible to permanently delete data from your CRM systems.
  4. Purchased marketing lists | The company is responsible for getting the proper consent information, even if a vendor or outsourced partner was responsible for gathering the data.
  5. Trade Shows | In the corporate world, sales people meet potential customers at a trade show, they exchange business cards, and they add the contacts to the company’s mailing list when they come back to the office. In 2018, this will not be possible anymore. Companies will have to look at new ways of collecting trade show prospect information.

To learn more about managing your prospect data, schedule a one-day workshop for Natuvion to build your GDPR road map.

Do we need data privacy consent from individuals to use real data in secondary systems?

The best way to eliminate your risk is to anonymize the data in secondary systems. Anonymizing the data removes the need for data privacy consent and (with proof) removes the systems from GDPR compliance processing, while still providing the data for analysis or testing.