The Path to Compliance

Step 1: Establishment.

Create an actionable plan.

Before anything else, preparation is the key to success. Making a plan without the right tools or partners will not deliver success. Syrenis have partners worldwide who are ready to build a plan to deliver a global consent and marketing preference solution using Cassie.

Establish privacy governance by drafting a strategy, forming a team and building awareness.

Accountability is one of the data protection principles - it makes you responsible for complying with the relevant data privacy legislation and says that you must be able to demonstrate your compliance. You need to put in place appropriate technical and organisational measures to meet the requirements of accountability. There are a number of measures that you can, and in some cases must, take.

Understand the individual privacy laws that affect your organisation. This is determined by your customers' location, not the location of the business.

Syrenis have partnered with leading data privacy practices globally. Having local experts in key territories enables you to keep abreast of legislation local to you and your customers.

Carry out a review of privacy notices and governance, identify gaps and update them in line with the relevant compliance legislation.

The obligations that accountability places on you are ongoing – you cannot simply sign-off a particular processing operation as ‘accountable’ and move on. You must review the measures you implement at appropriate intervals to ensure that they remain effective. You should update measures that are no longer fit for purpose. If you regularly change what you do with personal data, or the types of information that you collect, you should review and update your measures frequently, remembering to document what you do and why.

Make sure procedures cover all individuals' rights, including what data you can and cannot keep and how long you can keep it.

Accountability is not just about being answerable to a regulator; you must also demonstrate your compliance to individuals. Amongst other things, individuals have the right to be informed about what personal data you collect, why you use it, how long you hold this for and who you share it with. You therefore need to find effective ways to provide information to people about what you do with their personal data, and explain and review as an ongoing process.

Carefully selected for their expertise.

If you're at the beginning of your path to compliance journey we recommend working with our specially selected partners who are perfectly positioned to advise on the best software stack for your organisation's unique requirements. If you'd like to learn more about our partners and what they do, please click here.

Step 2: Data Identification.

Create a central inventory of data flow and processes.

To comply with Article 30 of GDPR and to have good governance, it is important to identify all areas of your business that store and process PII. This inventory of data and processing will be key to later stages of the compliance project.   

Whilst producing an audit is required for your records, it is more important to tie the actual processing activity to your data. Most solutions allow you to document the process but don’t verify the process. Cassie’s RoPA module allows clients to produce an inventory of PII and the processes. Critically though, these processes are tied to the actual data processing. All of Cassie’s data collection points integrate into RoPA, providing a real-time view of your data.

Step 3: Data Processing.

Introduce a centralised DPIA process and workflow.

Alongside the identification of processing activities, each time data is being processed, a Data Processing Impact Assessment must be undertaken. Globally there are differing requirements for this process. Once this workflow process has been undertaken and agreed, the DPIA should be associated with the processing activities.

Cassie firstly allows you to define the Impact Assessment workflow and then attach that agreed process to the data processing activities throughout the solution. This provides a full audit trail. 

Step 4: Cookies.

Ensure that your first interaction with your customers and prospects is compliant.

Regulation requires website owners to gain consent before the pre-loading of ‘cookies’. This consent should be available at a granular level and include other tracking technologies such as beacons and pixel tracking. Cassie is designed to manage the complete consent journey of your data subjects from their first anonymous visit to your website. The Cassie Cookie Module manages how your business can implement a compliant Cookie Banner to manage the consent prior to loading any cookies. Whilst all solutions look the same, it is important to understand the differences and why they may be important to you.

Step 5: Consent Collection.

Consent & Preference Management data collection.

How you integrate your consent collection into your organisation’s ecosystem is key when selecting a CMP.

Cassie is designed to manage the PII and the consent and preferences that an organisation collects across its entire ecosystem. Cassie consolidates this into a single virtual record of the truth, with the added advantage that every change to this information is also captured in real time.

Cassie then plays a pivotal role in supplying this data to all other systems that need it. This includes CRM, marketing platforms and e-mail providers, for example. The Cassie Connector service manages all of this centrally and within the control of our clients.

Step 6: Data Identification.

Data Subject Portal.

To give your users full control of their data, make a Data Subject Portal accessible: this furthers the compliance journey and enables you to create brand trust through consent.

Cassie’s Data Subject Portal allows your users to manage their own preferences in a dedicated portal in real-time. The portal is fully customisable with your CSS skins, creating a consistent brand experience.

Offline integration with your customer service teams.

Real-time management of information and preferences for internal teams is integral when picking an auditable CMP solution. Considering how the solution will integrate with your current CRM systems is just as crucial.

Adding the Data Subject Portal to the Cassie platform allows you to reduce the risk of data exposure or overwriting by configuring it to your requirements. Cassie’s advanced integrations with your CRM systems will ensure your siloed databases are accurate and in sync in real time.

Data Subject Access Requests.

Global regulations grant individuals the right to access their personal information from organisations so they can understand what data is held and how it’s used, for lawful processing. A request to access personal information is known commonly as a Data Subject Access Request. An individual can make a DSAR to you verbally or in writing. It can also be made to any part of your organisation (including social media) and does not have to be to a specific person or contact point.

With Cassie you can manage DSARs and consolidate all consumer requests into one centralised portal. Easily manage and process requests from multiple regions and deliver personal information efficiently to your Data Subjects.

Step 7: Regulation.

Audit & Reporting.

Compliance data protection audits are prevalent in the current security threat landscape. With ever-changing privacy laws and industry standards becoming more complex, audit and reporting can be the most challenging part of compliance.

Our consent management platform enables your Data Subjects to update their data in real time, granting your organisation the benefit of a live and transparent audit history. Consequently, any Subject Access Requests can quickly be addressed in line with Privacy Law requirements.

As Cassie is a specialist consent and preference management solution, we have an array of global partners that we carefully selected for their expertise within the privacy and compliance sector to help support your path to compliance journey. If you would like more information on how to be globally compliant with the latest privacy regulations reach out to our team of experts today and we will happily assist you on your path to compliance.

Latest Regulatory News.

Read the latest regulatory news by visiting our articles, if you’d like any specific information regarding your region please feel free to get in touch with us.

Syrenis Featured in Gartner’s 2020 Market Guide for Consent & Preference Management

We are delighted to announce that Syrenis and CASSIE have been recognised as a leading vendor and product in Gartner’s 2020 Market Guide for Consent & Preference Management. This is our second appearance in Gartner’s annual flagship report on the consent and preference space, and a further acknowledgement of CASSIE’s position as a leading enterprise privacy solution.

Syrenis recognised as an overall leader in Privacy and Consent Management by KuppingerCole Analysts

Syrenis Ltd has been recognised as a product, innovation and overall leader as part of KuppingerCole Analysts’ 2020 Report for Privacy and Consent Management.

Syrenis in the UK’s top 100 Northern Tech Awards

Syrenis Ltd has been awarded a spot in the Top 100 Northern Tech Awards 2020. Once a year the Northern Tech Awards shines a light upon the leading technology businesses headquartered in the North of England and Scotland.

Trusted by.

Cassie software is trusted by and powers many leading enterprises and governments across the globe including: