Competitors of PrivacyOS
PrivacyOS is a unique solution, but it often faces three insidious “competitors”:
1. the company’s choice not to do anything about Cyber Data Protection;
2. custom solutions, developed in-house or provided by external providers;
3. the management of consents through applications already used by the company, such as CRM.
Before analyzing the various scenarios, a clarification must be made:
The introduction of Cyber Data Protection tools in the company is still hampered by a serious lack of responsibility.
While Governance planning is the responsibility of the Legal Dept. and Cyber Security belongs to the ICT area, Cyber Data Protection, which worries everyone, is still nobody’s territory.
The problem is that planning a Cyber Data Protection project requires collaboration between Legal and ICT, two departments divided by a cultural gap that makes the relationship more complicated.
In this stalemate, in which no one takes the initiative, the only one able to intervene and build a bridge between the two skill sets is the CFO, by favoring and promoting the adoption of Cyber Data Protection tools in the company, with the aim of reducing the risks of sanctions and loss of brand reputation and of protecting current and future company growth and value.
Procrastinating on securing your consents
Doing nothing is certainly the most tragic scenario (although in some cases it turns out to be the lesser evil, and it is better to do nothing than to act and make things worse…). The GDPR is a very practical Regulation, which asks companies to protect the personal data of the citizens they are dealing with, and not just produce tons of documentation.
There are 2 very good reasons to start handling personal data and consents correctly right away:
1. Sanctions are triggered by offences on personal data, not on paper governance
2. GDPR does not work like insurance because it provides for retroactivity
Keeping the problem in-house often seems (inexplicably) the best way forward, but this is never the case.
Developing customised solutions presupposes that IT staff understand all the complications associated with the correct management of consents, along with the difficulties of collaboration between Legal and ICT teams described above. These criticalities and risks triple if development is delegated to an external provider.
Even if a product is developed to be compliant with today’s GDPR, it will soon become obsolete when the company no longer invests in updating it (which is very expensive and unlikely).
There are 2 very good reasons why you should not develop in-house (or, worse, outsource) the system that will manage your company’s consents:
1. When things do not go as planned and problems start, whose responsibility is it?
2. GDPR is still fluid and the consent manager needs to be constantly updated (and certified!)
CRM & Co.
CRM is designed to exploit personal data, not to protect them!
And, like CRM, all other tools that are designed for business cannot play the “double game” in full conflict of interest: exploiting and protecting personal data at the same time (in case of inspection, how will these applications be credible even in the secondary role of “Data Protector”?).
There are 2 very good reasons not to manage consents with CRM or other marketing or business applications:
1. CRM or similar tools are not privacy-by-design; they are useful in business, but in data protection management they are bandits!
2. It is not possible to make these tools play a double game, both doing business and protecting personal data; above all, they are not credible in case of inspections.