Since the EU General Data Protection Regulation (GDPR) became fully enforceable in 2018, other data protection laws have emerged, making it clear that privacy regulations and laws are here to stay.
The past three years have also been a period of continuous learning and adapting to the new rules with many privacy professionals putting their time and effort into creating support and urgency for privacy programs in their organizations.
Being compliant is not just about avoiding huge fines (and they can go up to €20 million or up to 4% of the total global annual turnover).
Done properly, your privacy investment can also bring benefits, including operational efficiency, agility, innovation, improved customer relationships, investor appeal, and brand value.
However, no progress comes without struggle. If you can’t manage records of processing activities in Excel spreadsheets anymore, or you realize that marketing platforms are not designed to solve consent management challenges, maybe you’ve come to the point where you need to invest in an advanced privacy solution.
When purchasing a privacy solution you want to be sure that you are getting the best value for your money. There are numerous prerequisites that your privacy solution should meet, and we don’t want to imply that you should be constrained to these seven questions.
However, they shouldn’t slip your mind when you are considering a privacy solution. So what questions should you ask?
1. Can software solve your important privacy issues?
If you already know that you need a privacy solution, you have probably identified specific problems you want to solve.
Your privacy software of choice should be a well-rounded solution that allows you to properly manage your consents and data subject requests, manage third parties, and boost collaboration with other departments (among other things), helping you achieve privacy by design.
Partial solutions can cover specific areas, like consent management, but this can seriously limit the expansion of your privacy program and complicate things in the future.
Ideally, a privacy solution should support you throughout the personal data lifecycle (from collection and processing to retention and deletion).
2. Do you need a modular solution?
If your privacy software is designed as a modular solution, its modules can be provisioned or purchased separately.
You can therefore prioritize your specific problem and build on it when your organization and team are ready to move to the next step in your compliance journey.
This can be crucial if you employ a small privacy team and can’t tackle all problems at once. It is also initially easier on your privacy budget and allows you to pay only for what you are really using at the moment.
3. On-premise or in the cloud?
Another important question is, do you need SaaS or an on-premise solution? This is primarily a security issue and some heavily regulated industries tend to keep their data internally for those reasons.
For example, banks and financial institutions avoid storing their data in the cloud if there is a chance this will not meet with the approval of their regulators.
They also have dedicated security teams and means to protect their data with appropriate technical and organizational measures.
In other cases, it is debatable whether storing data on-premise is more secure than storing it in the cloud.
Cloud service providers are putting enormous efforts into security safeguards since their revenue depends on their ability to provide a secure environment.
When it comes to keeping costs down, opting for a SaaS solution can lower costs over time. However, for organizations with legacy IT systems, moving to the cloud could require extensive initial costs and resources.
The choice will depend on your needs. For example, Data Privacy Manager is available in both cloud and on-premise.
4. Can you communicate with individuals transparently?
The transparency principle requires open and honest communication with individuals about how you process their data.
This means you should enable individuals to exercise their GDPR rights and notify them about the information you use about them, whether you obtained that information directly from them, or from another source.
Ask yourself if a privacy solution can somehow help you facilitate this endeavor.
For example, by providing your contacts with secure and simple access to their personal data through a self-service interface.
5. Is the privacy solution scalable?
Your preferred privacy solution should keep up with your growing needs. Taking this into consideration can lower your maintenance costs, give you higher agility and a better user experience.
A scalable solution doesn’t need to be redesigned to maintain effective performance during an increase in workload. “Scalability isn’t a ‘bonus feature.’ It’s the quality that determines the lifetime value of software, and building with scalability in mind saves both time and money in the long run.”
Can you add more users to your privacy solution? What happens if the number of active records and consents quadruples? What if the data workload multiplies?
A scalable solution should resolve those issues without skipping a beat, maintaining its performance at the same level.
6. Will this privacy solution help you save time?
Introducing new technologies and new platforms can be seen as additional work.
However, one of the main reasons organizations look for a privacy solution is that, after a while, managing GDPR processes manually takes too much time. It also leaves room for errors and omissions.
Automation of processes is a great timesaver. In the long run, the effort and time you’ve put into setting up the automation initially should pay off.
7. Will this privacy solution evolve over time?
You can’t know this for sure, but at least you can do your research and ask for the product roadmap.
Privacy today is very different from what it was three years ago. Knowing where the product is going can help you determine whether it is evolving in a direction that aligns with your needs and the overall maturity of privacy.
These are not the only questions you should be asking. However, if you see privacy as a serious investment and are willing to put time and effort into your own research and supplement these questions with your own, then this is a good start.