Abstract Structure

Why Meru?

Meru helps to build and sustain privacy and information governance programs. We harness technology to simplify privacy programs for our customers. We also act as an extension of our customer's team as a managed services provider. Our customers rely on our people and our technology to set, track and achieve their privacy goals.

Given the fast-changing regulatory environment around Privacy, Companies rely on experts who understand the regulatory requirements.

However, operationalizing privacy requires additional skill sets. It requires people with a proven track record of streamlining, simplifying, and scaling programs. It requires technology and automation to manage large amounts of data without the integration of all these, it is not possible to gain alignment across stakeholders and enable effective data-based decision making

Our Core Beliefs

Data is an asset for organizations

Companies should be both data-wise and privacy-conscious: It is indeed possible to both use data

to personalize experiences for customers and ensure privacy at the same time

Privacy compliance is complex. But it can be simplified and managed with the right processes

and technology

Sustainable Privacy programs require robust Information Governance. Data needs to be governed 

and managed from creation to deletion.

Problems We Solve For Our Customers

01

Privacy budgets are increasing, but the programs are not scaling

The average annual privacy spend is close to 1 million dollars and increasing. However, less than 15% of the spending is on technology. Harnessing technology is critical to scale and sustain Privacy and Information Governance programs. We help our customers to structure programs that are consistent, scalable, metrics-driven, and budget-friendly. Our customers achieve more with limited resources –we ensure their programs are structured right from the onset.

02

We don’t understand our data

The organization's understanding of its data is crucial to implementing a robust privacy program. Organizations face two broad sets of challenges:

1. Implementation details are placed ahead of fundamental framing of purpose– multiple cycles get consumed on debating whether automated or manual processes should be followed or on approaches for structured vs. unstructured data.

2. Focus on “low-hanging fruits” leads to multiple efforts that do not build on each other nor achieve the intended overall purpose. This leads to fatigue and frustration

Organizations end up fully ignoring this step altogether as it can be complex or end up with a partial view of their data footprint.

Our unique DataMap technology and consistently proven methodology allow you to develop and maintain detailed information about all of your data, systems, and data flows. You can use our DataMap to understand what is important, sensitive and confidential.

03

We have too much data

We see many companies not having clear answers to two fundamental questions – what data is needed and why. Organizations end up accumulating data without having clarity on why or what data is needed.

 

Retaining more data than needed is expensive in the long run and creates a risk that exponentially increases. Additionally, retaining all this excess data results in not being able to find the data that is needed when it is needed. Privacy regulators are focusing on over-collection, over-retention as well as inconsistencies in how retention policies are applied within organizations. This will require us to rethink RIM to support data minimization. Having an organization-wide, holistic data minimization program requires a change in culture and a more strategic approach to managing data.

04

It is a challenge to implement the cross-functional efforts needed for Privacy and Information Governance

For cross-functional efforts to succeed, teams should have clarity on the current state and end goals, roles and responsibilities, and the impact of each other’s work. Most people rely on training, cross-functional committees, and meetings to coordinate cross-functional efforts. While those are important it’s not very effective.

Our technology solutions enable cross-functional teams to manage Privacy and Information Governance through real-time tracking and data-driven metrics. The tool provides one shared vision for greater collaboration and alignment. The tool helps stakeholders understand the whole picture, use real-time charts and other visual highlights to share status, spot potential problems, and keep governance on track. This is truly unique in the marketplace.

05

Our current approaches do not scale

Governance, compliance, and privacy efforts have focused heavily on establishing policies and training employees on related procedures. This relatively static approach does not scale with the pace at which data volumes, security risks, data privacy laws and regulatory enforcement worldwide is growing. A more dynamic approach that is responsive to new risks and emerging threats is required.

06

Regulatory compliance is becoming more complex

Companies are seeing a steady increase in Data Subject Access Requests (DSAR). Providing customers access and control over data has been a central theme in recent Privacy regulations including the GDPR and the CCPA. Companies also have to comply with regulatory requirements in multiple jurisdictions (across countries and states). Increasing enforcement has been another theme in all these regulatory changes. Compliance has to be automated, scalable, and complete.

Addressing these requests is often cumbersome and can demand valuable resources if the number of requests per day gets large. The significant challenge associated with this request is ensuring that customer data is deleted from all systems, including vendors, within the organization. Meru’s tool automates the process of addressing DSAR requests by integrating it with DataMap. A proactive approach to data governance will ensure that Organization Name stays in compliance with the current guidelines and any future ones.