paragraph feedback comment to Denise's discussion post providing input and feedback

The European Union (EU) doesn't play when it comes to privacy. Their General Data Protection Regulation (GDPR) changed the game worldwide. Even if we're not based over there, it's still smart business to take notes. The way they protect people's data sets a high bar and it's one Red Clay should seriously consider if we want to build trust and stay ahead of the curve. Privacy by Design You're proactive with building privacy and protection into all systems at the beginning of the process instead of building protection after the issue has arise. There can be a multitude of reasons, like upgrading data base, and privacy settings under customer portals. Privacy should be the first thing that is thought about in any process, focusing on encryption and limiting data we collect is important. The Right to Be Forgotten This one's powerful. Basically, if someone doesn't want us to have their data anymore, and there's no reason to keep it, they can ask us to delete it. Not just ignore them, but actually erase it. Even though this is an EU law, we could offer the same thing to our customers here to show we respect their rights and keep our data storage lean. The Right to Be Informed People want to know what we're doing with their info, and they have every right to. That's what the Right to Be Informed is all about. No more hiding details in tiny fine print. We should be telling our customers and staff what we collect, why we need it, how we store it, and who we might share it with. And we need to do it in plain English. 5 Privacy Moves Red Clay Needs to Make 1. Design with Privacy in Mind - Bake it into every system. From web tools to internal software, don't wait for problems, build protections from the jump. 2. Give People the Option to Be Forgotten - Have a clear process for folks who want their data deleted. Don't just say we do it, do it and document it