/ Asahi/Guangzhou, February 18, 2022 -- With the introduction of a series of data management regulations, including the Network Security Law, the Data Security Law and the Personal Information Protection Law, compliant data management has become a new challenge for enterprise data business. Since the implementation of the National Personal Information Protection Law of the People's Republic of China on November 1, 2021, the regulatory authorities have carried out extensive supervision and investigation on a large number of data violations, such as the collection of users' personal information required in non-service scenarios and the high frequency of requests for permission. The situation of easy access to data and arbitrary abuse in the past will be comprehensively reformed.
There are now stricter standards for companies on how to collect personal information data to obtain user consent, and how to manage user consent authorization and the scope of data application. Data compliance will become the top priority in the standardized operation of enterprise digital business.
To assist brand customers in being responsive to national policies regarding data compliance, Whale's strategy should provide a platform for Privacy Compliance and Preference Management. As a data privacy management platform for customers, this platform can realize data collection and management, which can not only make customers' applications comply with personal information protection law, increase users' trust, but also improve product transparency. With the implementation of relevant laws and regulations, the release of Whale Curtain Strategy's "Privacy Compliance Platform" will further promote the standardized operation and development of enterprise data compliance and other overall data business.
Whale Strategy "Privacy Compliance Platform" will assist customers to prove data acquisition compliance through data privacy management, consent and preference management platform integrated with the enterprise's own system, so that every marketing operation of the enterprise is transparent and compliant.
01 Whale strategy "Privacy compliance platform" five points
Online and offline compliance
After consumers agree to the User Agreement offline, offline data will be connected to online and approved by the platform.
Cross-platform universal
After consumers agree that part of the information on One platform is obtained by the brand, they associate the operation of the same user on different platforms with one-ID. The information is universal across all platforms and does not require repeated consent of users on different platforms.
Privacy policy pop-up window to enhance user trust
Whale Strategy Privacy Compliance Platform allows you to change only one line of code in the embedded SDK, which allows your client's application to comply with the personal Information Protection Act, while increasing user trust and product transparency. In terms of the popup of user privacy policy, the user behavior data will be collected only when the user agrees, and an event agreed by the user will be reported and displayed on the data Kanban. If the user chooses to reject, no user behavior data is collected, and a user rejection event is reported and displayed on the data Kanban.
Background editing and modification, convenient fast and flexible
Provides the privacy policy popover content editing function, when updating the privacy policy, you can freely adjust the information in the popover without sending the version again.
Real-time data Kanban, continuous optimization design
Provide data Kanban, let you know the privacy policy consent status in real time, combined with content editing function, continuous optimization of pop-up design. Content modification background can modify the privacy policy pop-up title, content, read more whether to open, read more links. Data Kanban can be integrated in the background management page to facilitate the implementation of understanding user privacy policy consent.
02 Digital Asset management system ensures content compliance
When brands upload content in Whale's Digital Asset Management system, in addition to manually checking whether the content meets the brand's requirements, AI capabilities will automatically extract the text and body content of uploaded pictures and videos. Check with advertising law, privacy protection law and other relevant laws and regulations.
When the AI verifies that the content does not comply with the advertising law, the content will be stored in the library and a pop-up prompt will appear; When illegal content is detected, a warning pops up, and the image or video content cannot be stored in the library.
03 Risks of enterprise data compliance
1. Violation of personal privacy and illegal data collection
Before use, some domestic apps will request various authorization from users, such as location information, address book, camera, recording rights and other data collection behaviors, including illegal private collection, excessive collection, beyond the scope of collection of user data information, compulsory authorization, unreasonable request for user rights, frequent harassment and infringement of user rights. For example, without the consent of the user, automatically open the collection of geographical location, ID number, face, fingerprint, read the address book, use the camera, enable recording and other functions unrelated to the service; In the process of asking for data or authorization, there may be data compliance risks that infringe on personal information.
2. User data leakage and infringement of trade secrets
Trade secrets are important data of an enterprise. Business data that can bring value to the company, such as customer list, can constitute the business secrets of the company. When enterprises carry out data collection, storage, transmission, processing, use and other data activities, there may be user data leakage events. On the one hand, the enterprise's own data security protection system has loopholes, key information infrastructure is easy to be invaded and destroyed, and the data is exposed to the risk of sunlight. On the one hand, enterprise employees intentionally or negligently disclose user data; There is also a possibility that external forces or personnel of the enterprise use Trojan horses, viruses, crawlers and other computer network technical measures to launch attacks on the data system of the target enterprise and steal user data. Leakage of these important data will violate business secrets. In addition to the illegal acquisition and disclosure of personal information, illegal provision and refusal to provide is also the type of enterprise data risk.
3. Illegal use of data and unfair competition
In order to maximize their own commercial interests, business operators make maximum commercial use of the illegally collected personal information of consumers, pursue maximum available profits, illegally use user data, and seriously violate users' legitimate rights and interests. The behavior of infringing others' data may also constitute unfair competition and bring litigation risks to enterprises.
4. False publicity and advertising
We often say that "brushing orders and trading letters" is the most common manifestation, that is, to increase the transaction volume and improve the reputation of the store by brushing orders. "Brushing orders and trading letters" means "fictitious transactions" and using the fictitious transactions to carry out "false publicity". Such behavior violates the Anti-Unfair Competition Law and the E-commerce Law, and may lead to administrative penalties for the enterprise.
How should enterprises implement data compliance management?
1. Enterprises shall effectively inform users and obtain consent when collecting personal information. The sources and ways of obtaining data need to be compliant. For example, the ways of informing users, obtaining users' consent and authorization, adding "individual consent" and improving users' consent rate need to be legal and compliant.
2. Enterprises need to respond in time to the rights of the subject of personal information. The Individual Protection Law establishes the basic rights of the information subject (the person whose information is collected). Therefore, enterprises need to establish a mechanism to facilitate users, such as providing some channels as convenient entrances to accept and process users' applications for exercising rights.
3. When making automatic decisions, enterprises should ensure the fairness of decisions and convenient rejection by users. The law makes it clear that individuals are unfairly discriminating in terms of trading terms, which is tantamount to prohibiting "big data killing" and giving consumers the right to accept automated decisions.
4. When enterprises deal with personal information, sharing and third-party cooperation need to pay attention to risks. Pay attention to third-party data source compliance: including the legal compliance of external data provision and the audit and evaluation mechanism for data providers, such as the audit of the personal information collection behavior of third-party access automated tools, and timely cut off access if it is found to exceed the agreed behavior.
5. Companies need to be more careful when handling "sensitive personal information". Before handling "sensitive personal information", enterprises should carry out a risk assessment of the impact of personal information protection. This can help enterprises adopt appropriate security measures to ensure their compliance with personal information protection. Including the type of information collected by users, the purpose of use, the retention period, restrictions, etc., personal information can be collected and used with the consent of users.
Driven by the digital wave, Whale Strategy actively explores the construction of enterprise digital supply chain through technologies such as Internet of Things, big data and artificial intelligence. As digital transformation enters the deep water area, Whale's strategy will help customers to clarify the "red line" of data security, assist the compliance of the whole process of business data management, effectively ensure data security, jointly make positive responses for the network security, data security and protection of personal information rights and interests in the digital era, and guarantee personal information security with practical actions.
About Whale strategizing
As a professional omni-digital marketing operation platform in China, Whale, through key technological innovations in artificial intelligence (AI), large-scale Internet of Things (IoT) and Data model (Data), provides future-oriented retail brands with data-driven, collaboration-first, simple and easy to deploy omni-brand marketing solutions. It aims to enable sustainable fine operation and lean growth of retail brands and open up the "last mile" of MarTech. At present, Whale strategy service system has widely covered food and beverage, beauty makeup and skin care, fashion shoes and clothing, light luxury jewelry, digital electrical appliances, catering and tea drinking, business super convenience, automobile service, medicine and health and other industries. It has accumulated benchmark customers such as Unilever, Watsons, Sibei, Midea, Paopamart, Nextev, Carrefour and more than 300 Top brands in the industry. The company was founded in 2017 in Hangzhou, and has offices in Shanghai, Shenzhen and Beijing.
