Automate the Key Elements of Privacy Compliance

Automate the Key Elements of Privacy Compliance


Newport Thomson Home

Automate the Key Elements of Privacy Compliance

At Newport Thomson, many of our clients have required automation to help with various parts of their privacy and data protection compliance programs. Over the years, we have scoured the internet to find practical solutions that truly make a difference and are cost-effective. Here are a few areas where many of our clients have experienced some challenges and solutions we have sourced to solve the problems.

Capturing and Storing records of consent


Consent management is the process of asking people's permission to collect, process and store their data to execute marketing activities. When customers opt-in or subscribe to something the brand offers — be it to receive notifications, newsletters, or offers — they are giving consent. Consent does not exist if an organization cannot PROVE the consent to the authorities.

Preference management is when customers willingly give marketers information about their preferences to receive better, more personalised communication and experiences. This is several notches above consent-led opt-ins, as it allows the marketer to communicate at the time, frequency, channels, and topics the customer prefers. This is not the inferred preference marketers have been working with so far but the customer’s actual stated preference. Such data, offered voluntarily by the customer, is also called zero-party data. Needless to say, it is the strongest kind of first-party data a brand can hope for.

CASSIE by Syrenis is the best of breed software (SaaS) to help an organization capture and operationalize consent. The consumer preference portal is connected to everywhere you store data and is updated of any change of preference in real-time. Preference Management is their primary business, and they have built a secure and powerful platform that helps organizations PROVE consent.


Managing Email Consent


CASL requires consent in order to send a Commercial Electronic Message (CEM - which includes email and SMS text messages). The law does not distinguish between one-to-one cold calling email and your typical bulk marketing or promotional email. They are all CEMs. So how does an organization know if employees are sending CEMs with their corporate email without consent?

RAVEN by DRT Cyber is an exceptional solution. Sitting over top of your email server, if someone attempts to send an email to a person who is not on your white list (the list you can provide clear proof of consent for), they will be asked to manage the email. A simple click brings them to the portal where they can fill in the nature of the relationship, the type of consent AND where the proof is stored. The system will then release the email. RAVEN ensures your staff are not spamming on behalf of your brand.




Cookie Notification

It is respectful to let your website visitors know which cookies your organization deploys and how that data is used. CLYM.IO is a powerful solution that is cheap, easy to use and very easy to 

implement. It also helps manage your Privacy Statement as well as track Data Subject Requests so your team can manage them within the time frame allowed by the law. Every organization should be able to prove they have consent and be open and transparent with their website visitors. CASSIE also has a cookie management module to capture consent and notify your visitors of the details (what you collect and what you do with it).



Tracking Compliance Gaps - SafeGaurd Privacy


Safeguard Privacy is a platform designed to create, store and manage all privacy compliance documents, including dashboards to provide details of any compliance gaps your organization may have. For example, an organization can buy a license for GDPR compliance. All dashboard information would compare your actual privacy management program details against the actual law, providing a clear list of gaps that require attention in order to achieve compliance.
 




Privacy Incident Notification Plan


We are in the process of building an automated tool to help create the plan and house the required Breach Registry where an organization can log all privacy and security breaches.



    • Related Articles

    • Privacy Policy Example

      Portage Strategies Privacy Policy Example PRIVACY NOTICE Last updated April 15, 2022 This privacy notice for Portage Strategies Ltd. (" Company ," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") ...
    • 25 New Corporate Privacy & Data Protection Obligations in Canada

      25 New Corporate Privacy & Data Protection Obligations in Canada February 4, 2022 By Derek Lackey Bill 64, Quebec Bill 64 No Comments There are 98 Sections to the ACT RESPECTING THE PROTECTION OF PERSONAL INFORMATION IN THE PRIVATE SECTOR that were ...
    • Privacy Review

      Privacy Review of Your Current Data Processing & Privacy Practices ​ The first step of any Compliance Program is to determine the current practices of the organization. For CASL, we would need to understand your current electronic communication ...
    • Newport Thomson GDPR Compliance Programs

      GDPR Compliance™ A comprehensive process with integrated technology and knowledge based staff training to ensure that your organization's data collection, storage and processing practices are compliant with the stringent laws. We know the law. We ...
    • Newport Thomson CASL Compliance Programs

      Newport Thomson Compliance Programs CASL CRTC has communicated what is required in order to claim a due diligence defence. A fully compliant program is detailed in Bulletin CRTC 2014-326 including: Senior management involvement Risk assessment ...