Data Privacy is HOT

We could not publish the name of the company, but about the process and its importance, absolutely yes!

The challenge of managing customers’ personal data (Data Privacy) should occupy every company, certainly in an era characterized by higher consumer awareness than ever before, alongside regulation that hardens positions and raises the bar of requirements from many entities that manage their customers’ data.

This is the reason why companies in many industries are looking for a professional opinion (from a technological and legal point of view), regarding the way they manage the personal information of customers, and of course regarding the correct work processes in relation to this sensitive data.

We will not be able to state the name of the company, but it is said that it is a large and international technology company, which approached us at the initiative of its Chief Data Officer, and together with the legal department, they were looking for a professional experienced in accompanying and advising other companies around this exact challenge, and also familiar with the technological aspects and work processes relevant to verify correctness and effectiveness in working with the sensitive data.

It is important to emphasize that the field of privacy is not divided into black and white, despite the regulation, and it is probably more correct to describe it as 50 shades of white. There is, of course, a “North Star” regarding what is allowed and prohibited, mainly based on the GDPR or the American equivalent according to the country in which they operate, and still every company and organization is required to verify specifically where they stand on the issue. At stake is not only the data itself, in front of the regulatory requirements, but also what companies want and can do from a business point of view with the data.

In most boardrooms there is a discussion about this very delicate and critical issue: are we being too strict with regards to user privacy, and as a result losing business opportunities? Or alternatively, can they “release” some of the limitations they themselves impose on the work processes and information management to allow businesses more freedom? Although this freedom may come at the expense of risking the users’ privacy?

A bit about our process with that technology company:

We held a series of meetings/interviews, mainly with officials from the technology department, but also with information security officials, the legal department, and business officials (analysts, etc.). Most of the conversations focused on the data architecture of the organization, on the employees’ awareness of the issue of privacy and the existing procedures, on how to implement work processes in relation to what is required in the regulatory aspect, and more.

We also focused on the question: What is PII – Personal Identifiable Information in the eyes of each of the interviewees, how do they classify information details in light of their definition, where is this information stored, how do they monitor the data, who has access to it and more.

We also did not give up on market research designed to examine what is happening in other similar companies in terms of the magnitude of the flow and the number of users (through an examination of public information that exists online as well as conversations with consultants at Strauss, colleagues and other personal connections, as well as rich experience with other companies and organizations. What is the end product of such a process?

The final product is a comprehensive and professional document, which included all the technological and business findings, and of course referred to the guidelines and regulatory requirements in the areas where the company operates. A central focus on detailing and describing the main gaps identified, a concentration of essential recommendations in line with the main gaps, as well as recommendations on quick wins that are not very urgent, but can be implemented relatively easily. A significant part of the product is our reference to the Maturity Level of the company in the field of privacy, an important rating that honestly and directly reflects the position of the company in relation to the industry, the market and the regulatory requirements.

We would be happy to hear about the challenges and thoughts your organization has in the field of privacy protection.

More articles for you

How to Smartly Navigate the AI Revolution: From Tactical Moves to Strategic Organizational Transformation

How to Smartly Navigate the AI Revolution: From Tactical Moves to Strategic Organizational Transformation
continue reading

Turning Crisis into Opportunity – Our 2025 Business and Technology Trends Compass

What key business trends are anticipated for 2025? How will the competitive business and technological landscape evolve across Israel’s sectors? While technology companiesThe past year has been one of the

continue reading

Project versus product management: a perceptual change

Transition to product management: Israel’s National Planning administration in a mindset change The Difference Between Project Management and Product Management, and How the Digital Technologies and Information Division at the

continue reading

All rights reserved to Strauss Strategy 2021 – 2024

Privacy Policy

|

Accessibility statement