New privacy regulations are dramatically changing the atmosphere around business data and communications. What was once a mad rush to leverage consumer data is becoming a panicked effort to ensure security and maintain consumer trust.

The European Union’s GDPR (General Data Protection Regulation—in effect since May 2018) and the CCPA (California Consumer Privacy Act of 2018—in a look-back period to 1 Jan 2019) give consumers rights regarding their personal data—and require companies to expend serious effort and resources to manage that data—or pay the price in dollars and reputation damage.

Reputations have already been hurt at Facebook, Target, and other organizations that have suffered breaches or been cavalier with consumer data. Trust is ineffable but losing it can be fatal.

Financial penalties: In the case of GDPR, penalties are stiff: €20 million or 4 percent of gross income. In the case of CCPA, penalties are less ($7500 for intentional violations), but consumers can seek damages under the law, which opens companies up to a world of potential hurt.

If personal data collection makes consumers feel that they’re being watched, now companies are learning what that feeling is like as they come under more and more scrutiny from enforcement agencies and consumers themselves. The best way to ensure your data safety: ask the right questions.

1. Why are we holding this personal data? Have a good reason for holding consumer data—and be transparent. That means monitoring social media for third-party vendor activities as well.

2. Why was it originally gathered? Know why you collected consumer data in the first place—and be able to defend your answer.

3. How did we get it? Make sure you collected only the data needed for the purposes specified at the time of collection.

4. How long has it been held? When your need for specific data goes away, make the data go away, too.

5. Is the data shared with any third parties? Open platforms make this a difficult—and essential—question. A comprehensive audit of your digital landscape is the only way to provide sufficient answers.

6. How secure is the data in terms of accessibility and encryption? As cyber risk grows and methods become more sophisticated, it goes without saying that you must stay abreast of the latest cybersecurity tools and techniques. 

Managing consumer data is a daunting challenge. And there are no short cuts. The organizations that succeed will approach compliance holistically, with a task force or working group that cuts across functions, will maintain transparency, and will make sure all employees understand the consequences of failure.