Can “Data Stakeholder” thinking be a winning Data Privacy Strategy for Organizations?

Written By Debbie Reynolds

In 2020 I created a five-minute video about Data Privacy and Trust. I introduced the notion of the "Rise of the Individual." The "Rise of the Individual" is an expression of the idea that organizations must always consider obligations to their shareholders but must also come to terms with the fact that individuals, as a result of rapidly evolving regulations, now have a more significant stake in how data about them is managed. Data shareholders are any individuals for whom organizations hold data that may be subject, currently or in the future, to Data Privacy or Data Protection regulations. Thinking of individuals as "data stakeholders", not just consumers or data subjects is the shift businesses must make now to keep up with the growing scale of Data Privacy regulations worldwide and thrive financially as Trust Becomes the New Gold.

There are three key ways organizations can shift to a "data stakeholder" strategy to significantly improve their maturity in Data Privacy, reduce risks, and make Data Privacy a true business advantage. 

Make transparency the norm with "data shareholders"

As a result of the growing number of Data Privacy and Data Protection regulations, organizations often struggle with determining what they should or should not share with "data shareholders." Organizations must come to terms with the fact that data belongs to individuals while organizations are expected to be good stewards of that data. Like anyone would think it was unacceptable to put money in a bank and not receive any details about the money in their account, organizations should expect and act as if they are a "data bank" and are holding and securing data assets for individuals and to act accordingly. When individuals provide data to organizations, those organizations should develop the mindset that transparency will be the norm now and in the future. In this way, organizations can start moving closer to what is expected of them with almost all Data Privacy and Data Protection regulations, no matter where or what jurisdiction their "data stakeholders" reside. 

Reevaluate data collection and data retention of "data shareholders" information 

Organizations' two actions that create the most Data Privacy and Data Protection risks are data collection and retention. Although we know organizations can't eliminate all data collection and data retention, these data risks are significant enough for organizations to reevaluate the data they collect and the data they retain about "data stakeholders". Organizations should ask themselves, "For what purpose are we collecting the "data stakeholders" information?" Often when companies reevaluate their data collection, they find they are collecting too much data that is not relevant to their business purposes. This revelation should prompt organizations to rethink their data collection and make appropriate changes. Organizations should also ask: "How long should we retain information about "data stakeholders"? Data retention is a tough question that does not have an easy answer for organizations. When organizations are clear on the purpose for which data was initially collected, they can then tie data retention periods to the end of the data lifecycle. Data with a low business value often have a high Data Privacy risk. Right-sizing your data retention will reduce Data Privacy risks and reduce cybersecurity risks. Reevaluating data collection and data retention can help organizations create more maturity in their Data Privacy programs while reducing their risks in managing the information of "data stakeholders". 

Consider how information held by the organizations benefits "data shareholders"

Organizations who want to make Data Privacy a true advantage to their bottom line should also ask, "How does the information I hold benefit the "data shareholder"? When organizations possess information about individuals that do not benefit them, this is often a red flag that indicates that this data will create a high risk for organizations and often breeds mistrust by the "data shareholders". Organizations are very savvy to ask how information about individuals benefits the organization, but not enough organizations ask themselves how the information they hold benefits the data stakeholders. When organizations manage data in a way that does not benefit data stakeholders, they risk Data Privacy or Data Protection risks and run the risk of losing "data shareholders" or creating reputational damage due to a lack of trust. 

When organizations use "data shareholder" thinking, they can significantly improve their Data Privacy maturity, build trust, and make Data Privacy a business advantage. 

Do you want to see more original video content on emerging Data Privacy topics? Subscribe to our YouTube channel to get notified about each new video of the week.

Events

  • Want to know where "The Data Diva" is speaking next? Please see our Events page for upcoming speaking engagements.

Our LinkTree

  • Want to see all the relevant links for Debbie Reynolds Consulting? See our LinkTree.

All content is courtesy of Debbie Reynolds Consulting and Data Diva Media

Debbie Reynolds

The Data Diva

https://www.debbiereynoldsconsulting.com/
Previous

What are the Five Fundamentals of Data Privacy and Data Protection Regulations?
Next

Is Trust the new Gold in Data Privacy?