Are you compliant? Small business or enterprise, locally focused or international, consumer privacy regulations are affecting your business as we speak.
Data privacy and consumer consent have been business buzzwords for the past few years.
With the General Data Protection Regulation (GDPR) in full effect in the European Union for over a year now, and dozens of other countries and jurisdictions establishing similar regulations, the need for privacy management software can no longer be reserved for enterprise-level companies in the European Union.
This new environment of privacy regulation has given rise to innovations in security and compliance software.
New regulations fueled a boom in GDPR compliance software, which helps identify sensitive information and ensures it’s handled and stored securely. Marketing automation leaders have begun embracing these regulations as a way to build trust and strengthen customer engagement.
It’s a lot to take in. But before you get discouraged, let’s step back and answer two primary questions:
- What is GDPR and how does it affect your business?
- What are the new and disruptive technologies changing the privacy and compliance game?
Question 1: What is GDPR and how does it affect your business?
Enacted in May 2018, GDPR regulates the processing of the personal data of individuals in the European Union.
This personal data stretches past a person’s name and date of birth. As listed on the EU website, it includes:
- Names (first or last)
- Home address
- Email addresses such as firstname.lastname@example.org
- Identification card numbers
- Location data (e.g., location data on mobile phones)
- Internet Protocol (IP) addresses
- A cookie ID
- Advertising identifiers for mobile phones
- Data held by a hospital or doctor
The far-reaching scope of this definition leaves many U.S.-based businesses liable for GDPR compliance. Every local bookshop and mom-and-pop jewelry store that has ever shipped its goods to a customer in the European Union is responsible for complying with GDPR.
Microsoft reports that since GDPR went into effect, of the more than 5 million people from 200 countries that have used Microsoft’s privacy tools to manage their data, the largest number of people come from the United States.
Software, GDPR, and you
So what does this mean for your business? How do you ensure you’re handling your customers’ personal data in ways that comply with these privacy regulations?
Don’t panic: There’s software for that.
There is a long history of software vendors helping businesses keep up with privacy laws and regulations. For decades, compliance software has helped both U.S. and international companies navigate their interactions with government agencies such as the FDA and OSHA, as well as with ongoing tasks such as audit trail management.
The recent uptick in data privacy regulations such as GDPR has spawned a new niche within this compliance software market: GDPR-specific compliance software.
Question 2: What are the new and disruptive technologies changing the privacy and compliance game?
Let’s take a look at a few of these new, disruptive technologies.
Below, we’ll give a quick overview of a few new software options, ask what challenges they’re facing, and consider who should be paying attention.
This list is presented in alphabetical order.
3 new software options for data security compliance
1. EComply
Overview: Founded in 2018, EComply is GDPR compliance software geared specifically toward small and midsize businesses. This software guides users through the processes required to record and demonstrate GDPR compliance, including managing data collection and vendor consent.
EComply also lets users respond to regulatory authorities and audits with auto-generated, up-to-date and valid GDPR documentation with one click.
One of EComply’s most exciting features is its ability to assign compliance goals and steps to the individual departments within a company that handle customers’ personal data. This allows HR, marketing, and finance teams to collaborate and ensure compliance using a central system.
Challenges: EComply is a young company still building out its user experience. Reviewers frequently note that the system still lacks a few of the modules and templates necessary for achieving full GDPR compliance.
Who should care: If your business is looking for step-by-step GDPR compliance software that walks you through maintaining the records of your data processing activities, EComply is worth a look.
Process activities selection application in EComply (Source)
2. GDPR365
Overview: GDPR365 is cloud-based software that assesses the status of GDPR compliance and allows businesses to create a compliance road map to navigate regulations and document their efforts.
The cloud-based interface is designed to allow users to manage all data protection processes from any device. The system integrates with employee directories and enables access for multiple users.
Centralized record-keeping tools ensure that a complete audit trail is maintained, and the status tool displays the organization’s progress towards full compliance.
Challenges: GDPR365’s pricing model escalates based on your employee count. Small businesses with more than nine employees may struggle to afford the price tag.
Who should care: If your business is looking for a user-friendly GDPR compliance software option with excellent customer service, it’s time to check out GDPR365.
Webpage privacy notice builder in GDPR365 (Source)
3. LogicGate
Overview: LogicGate’s workflow and automation platform provides a simple, streamlined interface to help your organization rapidly implement the new standards necessary to achieve GDPR compliance, including data storage and protection requirements, data processing activity records, requests for removal, and data breach response.
With LogicGate, users can drag-and-drop to build complex workflows and create custom logic to route tasks. Managers can create processes from scratch using the intuitive user interface and application templates that solve a variety of common business issues in areas such as GRC (governance, risk management, and compliance), operations, legal, and IT.
Challenges: This software’s robust, visually oriented building blocks come with a minor trade-off: without options to customize/change the code, LogicGate may fall a little short for users seeking a customizable solution.
Who should care: If your business is looking for intuitive GDPR compliance software that you don’t have to be a software developer to use, LogicGate is worth considering.
Policy assessment portal in LogicGate (Source)
Data privacy is an evolving industry
It’s important to remember that this is a new and evolving industry. In addition to GDPR, U.S.-based companies should check out applicable state laws and regulations. While there is currently no federally instituted data privacy law, all 50 U.S. states have their own unique data privacy laws.
These regulations vary significantly in terms of scope, but the strictest among them is the recent California Consumer Privacy Act (CCPA), which has many provisions that overlap with GDPR. CCPA was signed into law in June of 2018.
How is your business addressing privacy regulation?
Note: The applications selected in this article are examples to show a feature in context and are not intended as endorsements or recommendations. They have been obtained from sources believed to be reliable at the time of publication.
This research does not constitute an exhaustive list of products in any given market, but rather is designed to highlight disruptive and innovative products and vendors. Capterra disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
To be considered for this report, products must be less than five years old, and available for purchase for at least six months at the time of publishing. The vendor must have served clients in the U.S. and offer the product on a standalone basis. Products must be dedicated GDPR compliance solutions. Any products deemed to be focused on general compliance were removed from consideration.
The information contained in this report has been obtained from sources believed to be reliable. This report neither represents the views of, nor constitutes an endorsement by, Capterra or its affiliates.