In today’s global digital economy, protecting data privacy is a must. With customers all over the world, every company must be able to demonstrate how they are protecting data privacy to earn the trust of their customers, users, partners and employees.
It starts with these three things.
1. Be transparent and accountable.
Let customers and partners know your commitment. For example, Cisco is committed to helping our customers and partners by protecting and respecting personal data, no matter where it comes from or where it flows. We have established long-standing security, data protection, and privacy programs and are committed to comply with regulations, customers’ needs, and our own corporate code of conduct.
2. Invest in a comprehensive data protection program.
Make sure your data protection program covers data throughout its lifecycle. It begins with security and privacy by design and includes privacy engineering methodology and privacy-enhancing technologies (PETs); managing collection, use, processing, and storage; addressing operational needs such as reporting and oversight; and secure disposition or destruction at end of life.
3. Be vigilant about global regulatory requirements.
Addressing personal data handling requirements across different jurisdictions around the world requires a mature data privacy practice that aligns with industry best practices, customer demands, and regulatory requirements. Being a global data citizen includes awareness and structured flexibility across cultural divides.
With enforcement of the European Union’s General Data Protection Regulation (GDPR), just around the corner (May 25, 2018), Cisco has been getting ready for GDPR across its global enterprise. In addition, to secure a safe and legal transfer of personal data across multiple jurisdictions, Cisco was an early adopter and among the first to achieve Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules system certification. We are also certified under both the EU and Swiss – US Privacy Shield and recently received accreditation under the EU’s Binding Corporate Rules with policies aligned to GDPR.
With an eye to these three things, and a collaborative, risk-based approach to data privacy, companies can focus and respond effectively in an ever more complex and dynamic world.