How to Earn Units: Protect Yourself or Make Tons of Money from Data Privacy
A cross-border merchant like Amazon or Walmart, or a financial service provider like Brex, may aggregate customer information into a CRM system (e.g., Oracle’s RightNow or Pipedrive) and/or an accounting reporting system (say, Pocketsuite or Expensify).
Let’s take Brex as an example,
Per Brex’s privacy policy, “Brex owns and controls the transaction data and other personal information” … “Brex share with card issuing partners”.
Brex directly collects the data and receives consent from you, the startup founder, or enterprise customer. You might then integrate your Brex account with Expensify for expense management, invoicing, or bill processing software. Expensify would then be a third-party service provider that processes the data on behalf of Brex.
A service provider may also opt not to be a controller.
For example, under a PayFac model, a multi-vertical SaaS vendor like i3 Verticals or single vertical focused SaaS online booking vendors — e.g., StyleSeat (Beauty Services) and Vagaro (Salon, Spa, or Fitness Appointments), Textura (Construction) — have all been approved by a merchant acquirer to be a PayFac (Payment Facilitator).
Vagaro maintains a master merchant account. Vagaro’s SMB merchant client (e.g., a SPA) accepts payments from consumers through a sub-merchant contract. Vagaro would then use a third-party payment processor (e.g., Adyen, EBANX, or Vantiv/FIS) to process payments on behalf of its clients.
When customers of the hair salon make payment to the salon through Vagaro, their personal information is collected directly by the payment processor (say, hypothetically, Adyen), not by Vagaro. In this case, Vagaro has no control over, and is not responsible for, Adyen’s use and disclosure of the customer’s personal information. Adyen, in this case, would be both the controller and the processor.
Impact on Controllers
Data controllers (like Brex) are the ones directly working with (and receiving consent from) end customers to use their data. Thus, controllers face a more significant portion of the data privacy burden than the processors.
Controllers must now:
a) Categorize the type of data being collected
b) Record the individual to whom the data is being attributed
c) Specify how long the data can be held there before being erased
Impact on Data Processors
While less impacted than the data controllers, data processors still have a responsibility to protect the security of the data given to them by the data controller; think again of Expensify (processor) protecting data received from Brex (controller).
In general, processors include any vendor that houses a controller’s data, whether on its own or on a third-party’s data center. For those reasons, data processors will still be subject to a fine in the event of a data breach. In these cases, it is on the processor (e.g., Expensify) to inform the controller (e.g., Brex) “once” the processor (Expensify) becomes aware of the incident.
Modify or Enhance Existing Database Infrastructure
One of the basic requirements of some data privacy laws is that the controller will have to delete personal data, if it is requested by the data subject, barring any existing reason to hold that data. While finding a way to erase this data from a database is one issue, the larger issue may actually be determining where that data sits in a database.
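The three controller duties listed earlier (data category, data subject, retention period) and the erasure rule in the paragraph above can be modelled as a small personal-data inventory. This is an added example, not code from the original article or from any vendor it names; the location names, field names and the `legal_hold` flag standing in for "an existing reason to hold that data" are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class InventoryEntry:
    location: str             # where the data sits (hypothetical table name)
    category: str             # (a) type of data collected
    subject_id: str           # (b) individual the data is attributed to
    collected_on: date
    retention_days: int       # (c) how long it may be held before erasure
    legal_hold: bool = False  # assumed flag: an existing reason to keep the data

    def expires_on(self) -> date:
        return self.collected_on + timedelta(days=self.retention_days)


def plan_erasure(inventory: List[InventoryEntry], today: date,
                 requested_by: Optional[str] = None
                 ) -> Tuple[list, list]:
    """Split entries that are due for erasure into (erase, retain).

    An entry is due when its retention period has lapsed or when the data
    subject `requested_by` asked for deletion. Due entries under a legal
    hold are retained, with the reason recorded for the audit trail.
    """
    erase, retain = [], []
    for e in inventory:
        due = today >= e.expires_on() or e.subject_id == requested_by
        if not due:
            continue
        if e.legal_hold:
            retain.append((e.location, e.subject_id, "legal hold"))
        else:
            erase.append((e.location, e.subject_id))
    return erase, retain


# Constructed sample inventory (not real data).
SAMPLE = [
    InventoryEntry("crm.contacts", "contact details", "subj-001", date(2023, 1, 10), 365),
    InventoryEntry("accounting.invoices", "transaction data", "subj-001",
                   date(2024, 3, 1), 2555, legal_hold=True),
    InventoryEntry("crm.contacts", "contact details", "subj-002", date(2024, 6, 1), 365),
    InventoryEntry("expenses.receipts", "transaction data", "subj-003", date(2022, 5, 1), 730),
]

if __name__ == "__main__":
    print(plan_erasure(SAMPLE, date(2024, 9, 1), requested_by="subj-001"))
```

The plan only covers data the inventory knows about, which is why locating every copy of a subject's data is the harder half of the problem.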
Many businesses’ databases are outdated with no transparent view into the data they hold or who has access to that data — a huge issue, given the potential for hacking and security breaches.
That said, vendors such as BigID now enable businesses to detect and inventory personal data for every data subject.
Controllers have few options here.
1) Controllers either have to
a) Completely upgrade or create a new database infrastructure if the database is too outdated to handle the updated regulation, or if the existing database is more or less sufficient and has only minor gaps to data compliance, they can…
b) Purchase software modules (e.g., InCountry’s data residency compliance SDK) to encrypt the data and provide control over who has access to this data.
2) Purchase a Governance & Compliance Module
When it comes to data privacy laws, there are hundreds of articles listing different regulatory requirements. Likely the most important of them all is data privacy law’s requirement to categorize and document all personal data. It will require organizations to keep a record of the data they have, the individual to whom the data is attributed, and the length of time before being erased. As a business owner/operator, understanding whether you already meet some of these criteria or whether you need to make changes can be a daunting task without some sort of guidebook, and is costly if it results in non-compliance.
You might be the vendor providing solutions to this in the form of governance and compliance modules; this will help to bring companies into compliance in an interactive and step-by-step process. For example, ServiceNow’s Policy and Compliance Management and Audit Workbench dashboards provide customers with the ability to monitor their level of compliance to data privacy laws, which can be viewed globally or examined on an entity, system, or unit level. It also tracks data protection actions, remediation plans, and schedule audits.
3) Migrate to a Third-Party Cloud Hosting Provider
For businesses that can migrate to a third-party cloud hosting provider, data privacy compliance could be a lot less painful. Cloud service providers already provide tools to identify, locate, and control who has access to your data in the cloud. While the controller will still have to do the heavy lifting (e.g., instructing Google Compute Engine to delete Client X’s data on request), controllers are more easily able to do this when the framework is already in place.
Working with you, as a third-party vendor, might also be more advantageous to potential customers, in that data privacy is likely not a one-time thing but more a regulation that will shift over time. Any additional changes to compliance can flow through you, as a vendor, relieving your customers of having to bear the burden and the costs of handling these changes on their own.
Certifying Your Software as Data Privacy-Compliant
If you are a vendor who is not looking to monetize the regulation directly, you are probably reaffirming the safety of your offerings and your role as a data privacy-compliant data processor (check the ISO 17024 qualification by IBITGQ).
What this distills down to is whether your (payment or other) data processor has security procedures in place to protect your controller’s data, has approval from for cross-border data flows (moving data in and out of the European Union), and a system in place to detect and notify controllers of a security breach in a timely manner.
Bolster Security
Finally, some data privacy requirements to disclose breaches within a short timeframe (for example, 72 hours) could prompt enterprises to bolster security spending as a result. While data privacy laws typically have language related to security, they do not, for the most part, clarify a specific checklist of technical capabilities required to be in compliance.
That said, the need to disclose breaches in less than 72 hours, for example, could prompt you to invest in more security operations headcount (in-sourced or out-sourced), as well as related tools like SIEM, threat analytics, etc. This could be difficult technically because the time from infection to detection is often several weeks.
Reputational Damage
Perhaps the most impactful item in driving more investment in security vis-a-vis data privacy regulations is the potential reputational damage as a result of a breach — this in itself could drive security spending throughout the stack on prevention capabilities (from managed security services, and security and vulnerability management to identity and access management and endpoint) so an enterprise could reduce the probability of this event happening.
Translated from: https://medium.com/swlh/protect-yourself-or-make-tons-of-money-from-data-privacy-686654edd838