Support

The safeguarding of consumers' rights, ensuring full visibility of how their data is being used, and building personalised control mechanisms by design.

Explanation

1. Furnishing individuals or entities with pertinent information regarding their rights and obligations
2. Offering advice and guidance on adhering to data protection laws and regulations
3. Aiding individuals in filing complaints relating to infringements
4. Extending technical assistance, particularly concerning organisations
5. Delivering training sessions and educational resources to both individuals and organisations

Best Practice

1. Develop and communicate clear and concise privacy policies
2. Practice transparency by providing individuals with clear information about the purpose of data collection
3. Establish a well-defined Data Subject Access Request (DSAR) Process to handle data subject access requests
4. Implement privacy by design and default principles, which involve integrating privacy considerations into the design and operation of systems, processes, and services.
5. Train employees and raise awareness about data protection obligations, best practices, and the organization's privacy policies
6. Develop an incident response plan that outlines steps to be taken in the event of a data breach or privacy incident.
7. Appoint a Data Protection Officer (DPO) or a privacy lead responsible for overseeing data protection efforts within the organisation.
8. Conduct regular privacy audits and assessments to evaluate compliance with data protection regulations.
9. Implement a robust vendor management process to assess the data protection practices of third-party vendors and service providers
10. Continuously monitor changes in data protection laws and regulations and adapt organisational practices accordingly.

How We Measure

1. Privacy policy audit
2. Audit trail of consent given (type of consent, date, channel)
3. Data architecture and activation audit

Examples:

1. At the point of data subjects sharing their data they need to be presented with all the relevant documents and information to provide full information on how their data will be collected and used (privacy policy link, data management disclaimer, T&Cs)
2. The Privacy policy documents needs to include information on how each type of data is collected and used:
• Observed data - data subject attributes are directly observed
• Declared - data subject attributes are self-reported
• Derived - data subject attributes are computed based on other known fields on the record
• Inferred - data subject attributes are determined from business rules
• Modelled - data subject attributes are calculator using an algorithm ie lead scoring
3. The data subjects need to be informed when or immediately after signing up on how they can terminate the data sharing agreement (unsubscribe, request for data to be deleted)