Compliance and Cassie
The steps to success
- Step 1: Establishment
- Step 2: Data Identification
- Step 3: Data Processing
- Step 4: Cookie Compliance
- Step 5: Consent Collection
- Step 6: Data Identification
- Step 7: Regulation
Before anything else, preparation is the key to success. Making a plan without the right tools or partners will not deliver success. Syrenis have partners Worldwide who are ready to build a plan to deliver a global consent and marketing preference solution using Cassie.
Accountability is one of the data protection principles - it makes you responsible for complying with the relevant data privacy legislation and says that you must be able to demonstrate your compliance. You need to put in place appropriate technical and organisational measures to meet the requirements of accountability. There are a number of measures that you can, and in some cases must take.
Syrenis have partnered with leading data privacy practices globally. Having local experts in key territories enables you to be a breast of legislation, local to you and your customers.
The obligations that accountability places on you are ongoing – you cannot simply sign-off a particular processing operation as ‘accountable’ and move on. You must review the measures you implement at appropriate intervals to ensure that they remain effective. You should update measures that are no longer fit for purpose. If you regularly change what you do with personal data, or the types of information that you collect, you should review and update your measures frequently, remembering to document what you do and why.
Accountability is not just about being answerable to a regulator; you must also demonstrate your compliance to individuals. Amongst other things, individuals have the right to be informed about what personal data you collect, why you use it, how long you hold this for and who you share it with. You therefore need to find effective ways to provide information to people about what you do with their personal data, and explain and review as an ongoing process.
If you're at the beginning of your path to compliance journey we recommend working with our specially selected partners who are perfectly positioned to advise on the best software stack for your organisation's unique requirements. If you'd like to learn more about our partners and what they do, please click here.
To comply with Article 30 of GDPR and to have good governance, it is important to identify all areas of your business that store and process PII. This inventory of data and processing will be key to later stages of the compliance project.
Whilst producing an audit is required for your records, it is more important to tie the actual processing activity to your data. Most solutions allow you to document the process but don’t verify the process. Cassie’s RoPA module allows clients to produce an inventory of PII and the processes. Critically though, these processes are tied to the actual data processing. All Cassies data collection points integrate into RoPA providing a real time view of your data.
Alongside the identification of processing activities, each time data is being processed, a Data Processing Impact Assessment must be undertaken. Globally there are differing requirements for this process. Once this workflow process has been undertaken and agreed, the DPIA should be associated with the processing activities.
Cassie firstly allows you to define the Impact Assessment workflow and then attach that agreed process to the data processing activities throughout the solution. This provides a full audit trail.
Regulation requires website owners to gain consent before the pre-loading of ‘cookies’. This consent should be available at a granular level and include other tracking technologies such as beacons and pixel tracking. Cassie is designed to manage the complete consent journey of your data subjects from their first anonymous visit to your website. The Cassie Cookie Module manages how your business can implement a compliant Cookie Banner to manage the consent prior to loading any cookies. Whilst all solutions look the same, it is important to understand the differences and why they may be important to you.
How you integrate your consent collection into your organisations eco-system is key when selecting a CMP.
Cassie is designed to manage the PII and Consent and Preferences that are collected by an organisation across their entire eco system. Cassie consolidates this into a singular virtual record of the truth but with the added advantage that every change to this information is captured in real-time also.
Cassie then plays a pivotal role in supplying this data to all other systems that need that data. This includes CRM, Marketing platforms and e-mail providers for example. The Cassie Connector service manages all of this centrally and within the control of our clients.
To ensure your users have full control of their data – ensuring a Data Subject Portal is accessible furthers the compliance journey and enable you to create brand trust through consent.
Cassie’s Data Subject Portal allows your users to manage their own preferences in a dedicated portal in real-time. The portal is fully customisable with your CSS skins, creating a consistent brand experience.
Real-time management of information and preferences for internal teams is integral when picking an auditable CPM solution. Considering how the solution will integrate with you current CRM systems is just as crucial.
By adding the Data Subject Portal to the Cassie platform, will allow you to reduce the risk of data exposure or overwriting by configuring it to your requirements. Cassie’s advanced integrations with your CRM systems will ensure your siloed databases are accurate and in sync in real-time.
Global regulations grant individuals the right to access their personal information from organisations so they can understand what data is held and how it’s used, for lawful processing. A request to access personal information is known commonly as a Data Subject Access Request. An individual can make a DSAR to you verbally or in writing. It can also be made to any part of your organisation (including social media) and does not have to be to a specific person or contact point.
With Cassie you can manage DSARs and consolidate all consumer requests into one centralised portal. Easily manage and process requests from multiple regions and deliver personal information efficiently to your data subjects.
Compliance data protection audits are prevalent in the current security threat landscape. With the everchanging regulatory privacy laws and industry standards becoming more complex, audit and reporting can be the most challenging part of compliance.
Our consent management platform enables your Data Subjects to update their data in real-time, granting your organisation the benefit of a live and transparent audit history. Consequently, any Subject Access Requests can quickly be addressed in-line with Privacy Law requirements.