Under new privacy laws, customers who believe their rights have been violated by companies can take legal action. Business owners can find this process difficult. Opening a legal investigation means a long process of retrieving old documents to prove your legal compliance, and any documents that turn out to be incomplete or missing altogether leave a questionable gap in your history. Privacy experts understand this particularly well. With laws like the GDPR ready to penalize any company that mishandles information, business leaders need a reliable way to keep a detailed record that can’t get lost in the filing cabinet.
Fortunately, 4Comply makes gathering privacy-related activities easy for legal teams to review and use as evidence in response to a complaint. The legal activities vault automatically records a detailed log of every legal action taken to fulfill rights requests and manage consent and permissions. Both your company’s actions and the customer’s actions are recorded. No one can edit the stored information, not even 4Comply itself, so you can be confident that your records will never change.
What happens if your company is investigated by privacy authorities? If you’re a 4Comply user, you can easily open your legal vault and show that you fully complied with the law. You can also show, when necessary, whether the customer in question viewed or downloaded their data after you responded to their DSAR. A detailed, unchangeable privacy software record is truly a lifesaver.
Companies are required to fulfill the vast majority of DSARs they receive. But in rare cases, a company will not be able to fulfill a customer’s request.
DSAR refusals are rare and must be tracked carefully. That’s why 4Comply dedicates an entire section of the legal vault to documenting unfulfilled DSARs, or legal activity errors. You can use this section to prove that you attempted to fulfill the DSAR in good faith and that, for very specific reasons, you were unable to. The record includes:
Remember: if you refuse a DSAR, you may be called upon to defend your decision in court. Never reject a DSAR unless you are confident you can realistically defend your reasoning.
One less common, but just as important, type of DSAR is the right to be forgotten. Customers who make this request want their data purged entirely from your company records so you will no longer consider them a potential lead. This seems easy enough to do. But if a customer challenges you to prove that you’ve forgotten them, you’re in a bind. It’s impossible to prove a negative. Plus, you certainly can’t let them read your entire marketing data record to prove that their information is no longer there. What can you do?
You can try the 4Comply approach, which is to use a “forgotten vault” to keep track of which customers you’ve forgotten. This record stores the absolute minimum amount of customer data to prove that someone has been otherwise “forgotten”, or purged from your systems. It may seem odd to continue storing data on a customer you’ve forgotten. However, this vault exists only as a protective measure for you. If you can prove that you have only kept the minimum amount of data, and that you have stored this data in the forgotten vault, you can reasonably prove that you no longer use a particular customer’s data for marketing purposes. You can also prove that you forgot them after they requested it.
Lawyers uncomfortable with the idea of retaining any data at all from a “forgotten” customer can rest easy knowing that only those with access to the forgotten vault can view its contents. The data is not allowed to be harvested for advertising purposes. It exists solely to protect the company in the event of a legal challenge.
At 4Thought Marketing, we understand that privacy compliance is serious business. Our software is designed not only to make it easier for you to follow privacy regulations, but also to prove that you did your best. Get in touch with us today to upgrade your privacy game.