Sustaining Global Compliance With Modern Data Privacy Laws

Data privacy laws are becoming a major focus globally as businesses scamper to meet new compliance obligations.

Privacy regulations generally bind any business or organization to store securely all data they collect or process. What they do with that data is strictly regulated.

Some 65% of the world’s population will have its personal data covered under modern privacy regulations by the end of next year, according to a Gartner report. Complying with these expanding regulations can be challenging.

Companies have had near free reign in harvesting personal data from electronic transactions and growing internet use over the last 20 years.

Many organizations involved with international commerce must alter their procedures to fall into line with new legislation. This is a priority for transactions and correspondence involving e-commerce and social media.

Expanding consumer mistrust, government action, and competition for customers pushed some governments to impose strict rules and regulations. The impact is changing the no-man’s land conditions that let both large companies and small businesses run rampant with peoples’ personal data.

“By far the biggest challenge that companies face is keeping up with the volume of data that they manage, which is also subject to ever-changing data privacy requirements,” Neil Jones, director of cybersecurity evangelism at Egnyte.

Assortment of Differing Demands

The EU has the General Data Protection Regulation (GDPR). In the U.K. and Continental Europe, data privacy has generally been viewed as a fundamental human right, according to Jones. In the U.S. and Canada, businesses must navigate around a growing patchwork of state and provincial laws.

Data privacy legislation in the U.S. and Canada has traditionally been more fragmented than in the U.K. and Europe. Canada’s Quebec, and the United States’ Utah and Connecticut are among the latest to enact comprehensive data privacy laws, joining the U.S. states of California, Virginia, and Colorado.

By the end of 2023, 10% of states in the U.S. will be covered by data privacy legislation, noted Jones. This lack of a universal standard for data privacy has created an artificial layer of business complexity.

Add to that, today’s hybrid work environment has created new levels of risk which has complicated compliance with myriad privacy concerns.

What’s at Stake

To enhance productivity, organizations may need to ask employees detailed questions about their behavior and work-from-home arrangements. These types of questions can create their own unintended privacy impacts, according to Jones.

The recent convergence of personally identifiable information (PII) and protected health information (PHI) has also put highly-confidential data at risk. This includes workers’ compensation reports, employees’ and patients’ health records, and confidential test results like Covid-19 notifications.

“With 65% of the world’s population expected to have personal data covered under privacy regulations by next year, respecting data privacy has never been more critical,” said Jones.

Cloud Privacy Hurdles

Data privacy and security are top challenges for implementing a cloud strategy, according to a recent study by IDG, now rebranded as Foundry. In this study, data security’s role was a prominent concern.

When implementing a cloud strategy, IT decision-makers or ITDMs are running into challenges such as controlling cloud costs, data privacy and security challenges, and lack of cloud security skills/expertise.

With a more stringent focus on securing privacy data, that issue looms large as more organizations migrate to the cloud. The IDG study found that two chief hurdles were data privacy and security challenges, and a lack of cloud security skills/expertise.

Spending on cloud infrastructure is up by some $5 million this year, according to Foundry.

“Although enterprise businesses are leading the charge, SMBs are not far behind when it comes to cloud migration,” said Stacey Raap, marketing and research manager at Foundry when the report was released.

“As more organizations move toward fully being in the cloud, IT teams will need the proper talent and resources to manage their cloud infrastructure and overcome any security and privacy hurdles that come with being in the cloud,” she noted.

Achieving Compliance

Organizations can successfully prepare for data privacy legislation, but doing so requires making data privacy initiatives a “full-time job,” Jones maintained.

“Too many organizations view data privacy as a part-time project for their web teams, rather than a full-time business initiative that can significantly impact customer relations, employee morale, and brand reputation,” he offered.

Beyond that step comes establishing holistic data governance programs that provide more visibility into the company’s regulated and sensitive data. Added to that is working with trusted business and technology partners who understand the data privacy space and can help you prepare for rapidly evolving regulations.

Perhaps the most dynamic approach is to use an Advanced Privacy & Compliance (APC) solution, suggested Jones. This enables organizations to comply with global privacy regulations conveniently, in one place.

Specifically, APCs can help achieve compliance by:

• Managing Data Subject Access Requests (DSARs) like individuals’ right to be informed about the personal data collected on them, the right to opt-out of personal information being sold to others, or the right to be forgotten by collecting organizations
• Assessing a company’s compliance preparedness and scope with specific regulations (e.g., GDPR, CCPA)
• Creating and reviewing third-party vendors’ technical assessments and evaluating potential risks to consumers’ data
• Augmenting cookie consent capabilities like integration of cookie consent into compliance workflows

Proactive Diligence

It can be difficult for companies to understand today’s rapidly-evolving privacy landscape, as well as how specific regulations apply to them, Jones said. However, by taking proactive steps, organizations can stay on top of data privacy regulations in the future.

Those steps include these ongoing tasks:

• Monitor the status of data privacy regulations in the countries, provinces, and states where the customer base lives
• Create a data privacy task force that can improve organizational focus and enhance senior executive attention on privacy initiatives
• Keep abreast of new federal data privacy legislation like the proposed American Data Privacy and Protection Act (ADPPA)

It is also important to note the additional long-term benefits of data privacy compliance. In particular is bolstering a company’s overall cybersecurity defenses.