Use a Metadata Service Provider (MSP) like Factern to capture and store the metadata that you need to implement strong data governance:
- Map the location of all Personally Identifiable Information (PII)
- Describe business policy and permissioning models used to govern access to that data
- Record consent in an independent, verifiable and auditable way
- Track all activity related to data access as a complete audit trail
Integrate systems with MSP to enable them to reference data held on other systems within your organisation, by drawing on the metadata stored on the Fact Table:
- Reduce unnecessary duplicate copies of the same data to optimise storage costs and data security
- Create an internal market for attestation services to minimise duplication of due diligence efforts in the organisation
- Demonstrate compliance with "privacy by design"
Develop interface that gives the customer (as data owner) the ability to access and manage the data that you host on their behalf:
- 'Privacy statement' that summarises existing PII, consents given, etc.
- Mechanism for capturing and updating consent
- Channel for request and resolution of Subject Access Requests
Use MSP to increase connectivity with third party service providers
- Implementation of Portability Requests
- Channel for distribution of services (e.g. attestation) to third party service providers
For more information, read Oliver Wyman's point-of-view paper "Future Proofing Privacy".