Don't settle for half the story
Demyst gives you access to all of the data you need. Evaluate thousands of data attributes from hundreds of possible data connectors all pulled into your own custom-built APIs for instant data deployment.
Companies that want to become data-sharing masters must manage that data carefully. When performing due diligence on a new data provider, it’s not enough to review representations and warranties while hoping for the best — Chief Data Officers (CDOs) must ask detailed questions to understand how external data sources operate.
There are five key areas to consider when reviewing data providers.
Find out whether a provider has automated processes in place for collecting data, and understand their policies and practices for automation.
The provider may be using government records, publicly available sources, third-party records, or information collected from individuals, which each have their own implications for managing consent and implementing privacy policies.
Even publicly available data can provide sensitive personal information that may be subject to regulatory oversight. Ask whether providers regularly receive data subject requests and whether and how they are prepared to respond to them.
Consent processes may be influenced by the data provider’s lawful reasons for processing personal data. Whenever a provider claims that its collection of personal data is supported by a lawful reason, then that claim should be reviewed.
If a provider’s lawful basis for processing personal data is based on consent, Ask questions to examine that process:
The actual mechanisms for acquiring consent also matter. Individuals should give consent freely and affirmatively, after being informed of their rights, as opposed to assuming that they have given consent based on their participation in a survey or registration for a service.
When data providers are reviewed for inclusion in the Demyst platform, the main considerations are whether consent was obtained, whether that consent was informed and freely given, and what process was used to obtain it.
Data privacy regulations are continuing to be updated, and due diligence needs to be an ongoing process that responds to these regulatory changes. And data providers should be able to explain how they are adapting their business processes to comply with changing regulations.
Any company onboarding new data sources must not only inspect the provider’s current data collection practices, they must also review those practices at regular intervals in the future.
When a data provider aggregates data from other sources, or relies on other organizations to collect its data, then those collection practices should be considered.
It may not be possible to trace collection practices all the way back to the source of the data, but asking a provider about its own due diligence processes can reveal unexpected risks in the data supply chain.
The due diligence process will be different for each data provider; data privacy regulations involve too many variables for a simple checklist. Extra care is necessary when dealing with topics like sensitive personal information, criminal information, and information pertaining to children.
Ultimately, companies onboarding new data providers will need to make their own risk assessments after receiving legal advice from qualified attorneys. And they will need to update those risk assessments as their business relationships continue.
This is what the future will look like for external data — any organization that wants to benefit from greater insights data must either make substantial investments in data capabilities or work with a partner who already has those capabilities.
The Demyst platform works with data providers that meet stringent qualifications while reducing the friction associated with external data procurement, testing, and deployment. Certified providers in the Demyst data ecosystem are asked more than 150 questions for a detailed understanding of their privacy policies.
Browse the catalog to learn more about the data sources available through Demyst.
Don't settle for half the story
Demyst gives you access to all of the data you need. Evaluate thousands of data attributes from hundreds of possible data connectors all pulled into your own custom-built APIs for instant data deployment.
External data can be easy to discover and deploy