Last year the EU started enforcing its General Data Protection Regulation (GDPR). Now, companies that do business in California are preparing for the January 1, 2020, deadline to comply with the California Consumer Privacy Act. These laws are probably just the first of many consumer protection regulations that governments and regulatory agencies will enact.
Brian Powers, President and Founder of PactSafe, explains, “Given all the data breaches and ways in which companies and tech giants have tried to leverage user information without their consent in the past, consumers are becoming less trusting. GDPR and CCPA are only the beginning of this rise in regulation.”
“The U.S. is starting to realize that there is only a patchwork of consumer protection laws and that they will need to do more. In fact, it is looking more and more likely that there will be a federal law that will protect consumer data and hold large businesses and tech firms accountable for their data practices,” he says.
Software Features that Support Consumer Protection Regulation Compliance
GDPR drove software developers to look at their applications in new ways, and Powers says this resulted in a variety of new application features that help businesses safeguard and manage data, including:
- The ability to capture and store records of user consent
- Tools that easily integrate with CRM or marketing automation applications
- Tools that give users transparency into what information is being used, how, and by whom
- Features that give consumers the option to opt out
- Automatic or built-in reporting of data consent and data flows
- A simple process for deleting or removing a user’s data upon request
- Strong data encryption
- Ability to handle thousands of consumer requests per day regarding data collection and use
Depending on the types of software applications you develop and the types and sizes of businesses you serve, it’s possible that your clients are not required to comply with consumer protection regulations — yet. Building consumer data protection features into your applications now, however, will position your ISV business to help your customers comply when the time comes. Powers says some features you can proactively include in your software applications are:
- The ability for your client to capture and record user consent or opt-outs with easy-to-use features for consumers such as checkboxes
- Clear links to policies where users can see what they’ve consented to and how the business will use their information
- Tools that give a business visibility into the data they are storing, what data, if any, is shared with third-party businesses, and the ability to delete data that’s no longer needed
- Features that allow a business to find all data that pertains to a specific consumer and delete it if requested
He adds that if no one on your team is well-versed in consumer protection regulation compliance, it can be beneficial to work with a risk and compliance consultant to show you changes you’d need to make in your applications so they address consumer data protection.
Shift Your Perspective from “Compliance” to “Best Practices”
When legislators pass regulations and announce enforcement deadlines, it’s easy to get caught up in making your software application line up with the letter of the law. But don’t lose sight of the big picture. The intent of the regulations is to protect consumers and give businesses standards for data management and security.
Taking a critical look at how your application supports responsible, secure data use is a good place to start. It is the first step toward giving your clients the tools and features they’ll need if they’re subject to consumer protection regulations in the future, as well as the ability to apply those best practices today.