Intro Compliance Regulation

Data privacy laws are constantly changing. Working to stay compliant with regulations today may not necessarily assure compliance in the future. Concord provides easy compliance tools that bring organizations in line with current regulatory requirements and build trust with users who expect transparent data practices from the brands they engage with.

The Data Privacy Regulation Landscape

When it comes to data privacy regulations, whether already in effect or on the horizon, achieving compliance has become an arduous task for businesses. The ever-evolving privacy landscape demands that organizations not only understand what data protection requirements they must adhere to, but also implement programs to maintain compliance and transparency.

Meanwhile, the relationship between business and the use of personal data is changing dramatically as people react to ongoing news of regular data breaches and abuses. To address the growing data dilemma, regulation in California, the EU, and elsewhere is also forcing brands to reconsider commonplace data enrichment and third-party data practices to better meet the demands of privacy for everyone.

Evaluating Consent and Compliance Requirements

Since the introduction of the EU’s General Data Protection Regulation (GDPR) in 2018, dozens of countries have enacted or proposed their own data protection laws to safeguard user privacy. The United States, on the path to adopting a nationwide privacy law, has seen several states pass their own regulatory requirements.

Depending on country, region, and individual U.S. state regulations, organizations are required to be aware of and comply with a dizzying array of requirements.

Concord's approach is to automate compliance with existing regulation while giving people visibility into their consent to data use, so that data compliance is built in by design. It is particularly important to evaluate and implement the process by which businesses manage user consent and by which data subject access requests (DSARs) are processed.

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
              -EU's General Data Protection Regulation (GDPR) Article 4(11)

Who is Required to Comply?

Depending on the country, region, and individual U.S. state laws, organizations are required to be aware of and comply with a dizzying array of regulatory requirements.

If the variety and depth of regulations across the globe weren't complicated enough, the question of who must comply makes it even more complicated. CCPA is a California regulation, but because it concerns the rights of people, any company of sufficient size and/or that earns a significant income from the use of data from California residents is required to comply, whether or not it is itself a California company.

Some regulations are lighter on which organizations must comply, like Maine's “An Act to Protect the Privacy of Online Customer Information”, while others are broad enough that they even require locally stored data repositories or local legal representation in the case of disputes related to compliance (GDPR, for example).

GDPR compliance encompasses entities who are offering goods or services to anyone residing in the EU, even if those services are provided free of cost.
             -https://www.gdpreu.org/the-regulation/who-must-comply/

What are “Compliance” Features?

‘Personal data’ means any information relating to an identified or identifiable natural person.
              -EU's General Data Protection Regulation (GDPR) Article 4(1)

Regulations related to data privacy create rules around disclosure of data use and control over the use of personal data. What makes this even more complicated is that the term "personal" in most regulations is more broadly defined than one would guess. For example, an IP address (a numeric identifier for a device connected to the internet) is considered personal data because it can be used to trace a person back to their location or even their name and address.

Personal data is generally defined as any data that can be used to identify a person, which in many cases includes even personalized web pages, ads, and preferences. The EU's GDPR includes its own requirements for disclosure of personal data use, including browser cookies and the use of data in analytics.

Each regulation has its own requirements around what needs to be disclosed and what controls people must be given around the use of personal data. California's Consumer Privacy Act (CCPA), which went into enforcement in 2020, includes very specific rights for consumers in regard to their personal information, namely the right to request a full copy of, change and/or delete their data. Since the language and details differ so much between each regulation, the industry has generally referred to features that enable users' requests around data use as Data Subject Access Requests or DSARs, also sometimes called simply DSRs (Data Subject Requests).

What’s needed?

Trust for People and Results for Brands

What’s needed is a solution that brings businesses in line with the current privacy laws and readies them for imminent regulations requiring further compliance.

To accomplish these goals, Concord has developed a data consent platform that brands can invoke within their applications and websites to enable privacy-protected data collection, sharing/preference controls, and regulation-ready compliance features, like DSARs.

The same platform allows people to view what data they have shared across multiple brands, sites, and applications, while also making it easy for them to update their consent preferences at any time. They can easily access this information directly from brand websites and applications.

Concord's approach continually assesses the current regulatory requirements and automates compliance with existing regulation, while giving people visibility into their consent to data use, so that data compliance is built in by design.

Where and How to Get Started

Access to setup, configuration, and even the code snippets for adding the customized website add-in can all be found within the Concord Administration interface. The Admin experience will guide organizations through the process of setting up projects, adding privacy policies, and more.
Setting Up Your Account

Concord trial offer

If an organization is not yet a Concord customer, limited-time trials are also available.
Signing Up for a Free Trial

Consulting is available

Most organizations need some help figuring out what their data strategy is and how to implement the privacy features they need. Concord has an experienced team that provides expert service related to all aspects of data-driven sales and marketing, as well as the related privacy requirements. See our website or contact Concord sales using our phone or chat options to get started today.