The growth in global privacy regulation has created an immense headache for thousands of businesses – and, thus, an immense opportunity for systems that offer relief. Small businesses in particular need simple, low-cost solutions to comply with rules that require gathering consumer consent to data collection and giving consumers access to data that’s been collected. An ideal small-business solution leads users through the set-up process without requiring technical skills or expertise in privacy rules. (Come to think of it, so does an ideal large-business solution.)
Seers is one of many vendors addressing this market. Its core products are systems to collect cookie consent and data access requests. It supplements these with products for access request fulfillment, data privacy impact assessments, GDPR compliance assessment, data breach reporting, policy creation, data discovery, and on-demand privacy training. Several of the products are engineered to support mid-size and large enterprises as well as small businesses.
Set-up of the Seers consent manager follows a step-by-step process. It starts with the user specifying the domain to be supported. The system then automatically scans this domain to identify the cookies and scripts currently installed. It will later compare the results to a list of hundreds of cookies that Seers has evaluated and classified, and generate a list of the specific cookie consent requests the site must present to visitors. Before this step, users set preferences for the cookie banner appearance, cookie policy URL, treatment of unconsented visitors, and other options. The interface includes handy explanations of each item so that users can make informed choices. The system will detect site visitor location and can use this to present consents in 30 local languages and in different formats for GDPR, California’s CCPA, and Brazil’s LGPD.
Once settings are complete, Seers will generate code to insert in the user’s Web site to deploy the consent system. It will then keep track of consents as these are received, providing an audit trail should documentation be needed. The system will regularly rescan the user’s Web site to identify the cookies currently in use and adjust the cookie consent table accordingly. A limited free version is available and the full module starts at $9 per month for a single Web domain.
Seers’ other main customer-facing module is Subject Request Management, which offers a portal that lets customers ask to see, change, or delete data a company holds about them. This is similarly easy to configure, letting users control the appearance, identity verification requirements, and other options. It feeds requests into a queue which lets users manually assign them to departments and individuals for resolution, tracks their status, and stores notes and attachments. Again, a limited free version is available while a single-user full version costs just under $50 per year.
Seers also offers a large number of interactive templates, assessments, and policy generators. These lead users through processes including data privacy impact assessment (DPIA), privacy policy creation, and GDPR compliance assessment. The ones I saw were all easy to follow and included impressive amounts of information. The privacy impact assessment module is priced at $46.99 per year while most of the other tools are bundled into a package starting at a $129.99 one-time fee.
So far so good. I really liked what I saw from Seers. But there are gaps in its product line that mean most companies would need additional products for a complete solution. The company is closing one gap with a data discovery tool, now in beta and set for July release, which will let users build an inventory of personal data stored in their systems. The first release, at least, will be limited to having users review field names and mapping these to standard categories. One nice touch is that the inventory will connect with data subject requests, so the system will be able to automatically pull information about an individual. But field names are not an entirely reliable source of information and Seers does not have the data scanning capabilities of a system like BigID.
Other gaps include consent management beyond cookie consent; records of processing activity (ROPA) reports; ensuring that processing is legally justified; monitoring vendors who process company data; and automatic policy updates as rules change. Whether you need these depends on what other resources you have available. But they’re all required under current privacy regulations.