New data privacy laws are being introduced around the world, including the recently launched CRPA. So, we thought this would be a good time to demonstrate how process automation can help you meet regulatory compliance and overcome the challenges posed.
In this article, we’ll focus on the CRPA in particular and how Nintex helped one of our customers become compliant.
What is the CPRA?
On November 3rd, 2020, the state of California passed the California Privacy Rights Act (CPRA) which will come into play in 2023. An addition to the current California Privacy Protection Act (CCPA) introduced last year, this newly amended privacy legislation means that there are now new definitions and usage limitations for sensitive data, as well as expanded breach liability.
Organizations accessing and using the personal data of California residents must now ensure they are adhering to the CPRA at all times. This includes being able to respond to CPRA “privacy requests” from customers in an accurate and timely manner.
The changes are being introduced to strengthen the privacy rules already in place, to bring the CCPA more in line with many of the provisions outlined in similar laws around the world, such as the GDPR in the European Union. The new amendments are wide-ranging including expanding the definition of “business” so that more organizations fall under its purview, and “consent” to cover far more scenarios around where and how organizations use citizens’ data.
Good news for privacy-conscious citizens of California – and new compliance considerations for businesses.
Managing privacy compliance: a case study
New Belgium Brewing Company is a 100% employee-owned company brewing beer across the United States. It’s also the fourth-largest craft brewery in the country.
Gaps and growing pains
After constant growth from its inception, New Belgium realized there were many communication gaps occurring between different departments of the organization. Information and content were being collected and stored in different places and systems causing information silos and productivity bottlenecks. Not only does this affect productivity but also the ability to provide the best customer engagement. So just over 12 years ago, they brought in Nintex to help automate these processes.
Fast-forward to the present day, and the introduction of the CPPA and then the CPRA meant these issues have become even more prevalent. Although based in Colorado, New Belgium needed to be able to respond to privacy requests from its customers in California. They had five months to come up with an accurate, standardized approach to responding to privacy requests – or they would be subject to large fines in line with the new legislation.
Solving new compliance concerns
But there were other challenges too. The legal team at New Belgium needed to know which areas of the business were storing CCPA and CPRA data in its systems. Plus, there were new concerns about communications, and the team wanted to automate the processes around these to fit in line with new compliance rules.
New Belgium used Nintex to do just that. In only one month, they created a solution that enabled responses to its Californian customers twice as quickly as the law requires. Process Mapping allowed them to understand exactly what was going on within their workflows, and to better manage automated processes related to communications so that they could comply with all areas of the new regulation.
How to meet regulatory compliance
Nintex was perfect for helping New Belgium Brewing meet regulatory compliance needs because:
- It’s a low-code, flexible, easy-to-use platform. New Belgium was able to get a proof of concept working quickly, then build their full solution and cover compliance ASAP.
- You can fully visualize the state of your processes now. Process mapping allows businesses like New Belgium to see what worked and what could be scrapped, what was fit for purpose in a post-CPRA world, and what was holding up speedy responses to privacy requests.
- The business was easily able to draw the necessary data from external sources thanks to Nintex’s seamless integration with the likes of Microsoft 365 and more. This reduced the risk of customer data being locked away in information silos.
- It provides the whole package when it comes to process automation. Nintex offers process mapping, workflow automation, RPA, document generation, analytics, and much more. Whether it is the first step on the road to digital transformation or to solve a particular issue, e.g. responding to privacy requests, Nintex can help each automation project fit into a wider picture of digital growth.
Even before their CPRA-compliance initiative, Nintex has helped New Belgium Brewing to enhance their operations with the power of process. You can read more about what they achieved here.
New Belgium Brewing Company is one of many organizations making the most of Nintex’s simple but powerful low-code capabilities. “We chose the Nintex solution because it was easy!” as Tye Eyeden, their Collaboration Business Systems Analyst, says.
Managing privacy compliance with Nintex
As citizens everywhere vote to take greater control of their privacy and personal data, it’s increasingly vital that businesses act swiftly, like New Belgium Brewing, to create effective solutions that respond to these developments, in order to meet regulatory compliance.
To learn more about managing privacy compliance and how process automation can help you meet regulatory compliance legislation like CPRA, GDPR, and more, get in touch with the team at Nintex today.