7 Data Privacy Trends For 2020

Everything points to 2020 being a very exciting year for Data Privacy (especially with the CCPA becoming effective on January 1, 2020).

What can we expect?

1. The Rise of the Regulations

When the GDPR came into full force it was the beginning of the new era of data privacy.

However, we are pleased (as data subjects and consumers) that the GDPR served as a stepping stone for other governments to revisit their regulations and laws regarding data privacy in an effort to create one cohesive national law on governing privacy and security.

Leading the way with the GDPR, the European Union has shown how it can be done by creating a framework where organizations can take responsibility for how they process personal data. There is still a long way to go, but the influence of the GDPR on other legislative systems cannot be disregarded.

Adding more fuel to those pressing issues were numerous data breaches and cybersecurity issues we have witnessed in the past year.

However restrictive the framework that the EU has laid out may seem to companies, when compared to the one the Chinese government is imposing, the GDPR has shown flexibility and market inclusiveness, but no mercy.

Who is joining the Data Privacy party?


As we mentioned before, with 2020, the California Consumer Privacy Act is becoming fully effective. Inspired by the GDPR, the CCPA is the first US privacy law of a similar magnitude (considering California is the fifth-largest economy in the world). CCPA will create new obligations for businesses in California and empower Californians to have more control over their data. The ever-changing needs for new ways to protect consumers are reflected in the new wave of data protection initiatives, and CCPA is one of the first to address those problems.

DPB – Indian Personal Data Protection Bill

Far away from the European Union, India is brewing its own data protection bill, set up to control the processing of personal data of Indian residents. There is no doubt that the Indian Personal Data Protection Bill will have an impact on the global economy (since the Indian economy is expected to reach a valuation of $1 trillion by 2022) and influence the way companies will operate in India.

Harvard Business Review explained:

The Indian government looks set to legislate a Personal Data Protection Bill (DPB), which would control the collection, processing, storage, usage, transfer, protection, and disclosure of personal data of Indian residents. Despite its regional nature, DPB is an important development for global managers.

According to TechCrunch: “If the bill passes — and it is expected to be discussed in the Parliament in the coming weeks —[…] The bill might also change how global technology companies that have invested billions of dollars in India, thanks in part to the lax laws, see the nation of more than 600 million internet users.”

LGPD – Brazilian General Data Protection Law

The enforcement date of the LGPD (Lei Geral de Proteção de Dados Pessoais) is 15 August 2020. The LGPD is intended to protect the personal information of 140 million internet users. Cookiebot states that Brazil is “the largest internet market in Latin America and the fourth-largest internet market in the world in a number of internet users.” Hearing those numbers, you must be wondering why Brazil hasn’t done anything about data protection already. Well, that’s not quite right. There are over 40 laws addressing that issue for different segments or industries. However, the LGPD is intended to replace those legislative fragments and create a uniform law. The “Brazilian GDPR” is heavily influenced by the GDPR, and being GDPR compliant should suggest you are also LGPD compliant.

Asian data privacy initiatives are coming on strong as well. There are more initiatives to mention, but you get the idea: the general trend is towards creating laws that will provide consumers with a certain amount of control over their personal data.

According to Gartner: “…by 2022, half of our planet’s population will have its personal information covered under local privacy regulations in line with the GDPR.”

[Figure: DPA research, data privacy trends 2020. Source: https://www.dlapiperdataprotection.com/]

2. Data Graveyards and new Privacy Standards

Data Graveyard has become a new buzzword for describing the state companies are in when we talk about the quantity and quality of the data stored on companies’ servers.

More to the point, Data Graveyard describes repositories of unused data that companies are collecting in immense quantities, which seriously jeopardizes database utilization and is becoming an increasing problem and financial burden for those companies.

While the GDPR promotes data retention and data removal policies, we have seen that in practice, companies are rarely at the desired level of maturity with their privacy programs.

The €14.5 million GDPR fine issued recently for a non-compliant data retention schedule only confirms this assumption. It would be delusional to think that the German company that got the fine is the single exception to the compliance rule.

In 2020, we expect companies to raise awareness about how they process, store, manage and secure their data, pushing the legislative procedures to focus more on creating data quality and data governance industry standards. It is expected that more heavily regulated industries will lead the way (as it was with the GDPR), but the end results will benefit all.

3. New Roles and Shift in Responsibility

When we talk about GDPR-related responsibilities, we believe that the data privacy trend in 2020 will include the shift in the compliance responsibilities within the organization.

More and more companies will understand that a single role (a DPO or any other role) will be incapable of single-handedly managing, supervising and implementing data protection laws and policies.

Staying compliant will compel other departments and organizational units to hop on the compliance train and help out the DPO. This will include HR representatives, Marketing and Legal. Those departments will have to be held accountable for data processing happening under their roof.

The DPO should also have more authority to investigate the processes within the organization and more freedom in the way he runs his department and handles his responsibilities, and should manage his own budget and report directly to top management. This will develop hand in hand with the general awareness of the importance of data privacy within the organization.

However, this will also undoubtedly create new roles within the organization and new alliances between existing roles that now only have touching points, but no shared responsibilities.

In their report, PrivSec stated: “CDOs and CISOs find common ground: Good data stewards join forces.  As data security, personal data privacy and compliance demands escalate, so will the opportunities for Chief Data Officers (CDO) to partner with Chief Information Security Officers (CISO). Companies should encourage these two stakeholders to find common ground, align on priorities and build value-based recommendations to ensure that budget-focused CFOs actually green light important projects.”

Privacy and cybersecurity will slowly start to merge and share common interests and responsibilities.

4. More Fines, More Awareness

Not all supervisory authorities were working at the same speed in 2019. Some authorities are just waking up, while others, like the French bulldog CNIL and the German BfDI, were cheeky enough to issue multimillion GDPR fines. Altogether, 150 GDPR fines were issued, with the largest fine being €50,000,000 (Google).

[Figure: GDPR fines. Source: Privacy Affairs, https://www.privacyaffairs.com/gdpr-fines/]

To stay up to date on the GDPR fines issued so far in the EU, we recommend this GDPR tracker!

However, the time of playing hide-and-seek with supervisory authorities will slowly but surely decline in 2020. In 2020, we can fully expect more intrusive and aggressive behavior by supervisory authorities. The trend of higher and more frequent GDPR fines in the last few months of 2019 is an indicator of that.

If European authorities have been a bit “shy” in the past year, it is yet to be seen what kind of attitude other supervisory authorities will have (California, we have our eyes on you).

GDPR fines, privacy risks, and reputational damages are something that executive-level management can finally understand. Numbers will speak in favor of a DPO, which will hopefully get the attention of top management and lead to a more generous privacy budget for a DPO.

5. Transparency as a Key to Successful Business

We cannot stress enough how important transparency will become (and already is) for organizations, especially B2C companies. In 2020, consumers will become more aware of their rights and the dollar sign that stands next to their data.

In 2020, trust will not be a nice-to-have addition to your business; it will be a MUST have. As we mentioned in our blog “Data Breach and Reputation Management”, according to Salesforce research:

“Customers have stated that they would be more willing to trust companies that gave control over the collected information, are transparent in the way they use that information, have a strong privacy policy or ask for explicit consent.”

Consumer attitudes towards privacy and transparent behavior will be what prompts companies to pay more attention to those issues.

6. Third-Party Risk Management

A heavy focus in 2020 will also be on third-party risk management, risk assessment and demands on suppliers, vendors, and partners to demonstrate compliance.

The GDPR has deepened the existing obligations requiring contractual protections with data processors and sub-processors, adequate data protection, and evidence of compliance (Article 28).

This means organizations will have to put more effort into vetting the third parties they work with, shielding themselves from potential risks through third-party partner evaluation and agreements.

Gartner’s research reveals that: “compliance programs are focused on third-party risk more than ever before, with more than twice the number of compliance leaders considering it a top risk in 2019 than three years ago.”

7. Employee Training and Talent Crisis

We cannot end this list without mentioning the talent crisis in the data privacy world. The shortage of cybersecurity and data privacy experts is going to have the single most important impact on the talent market in 2020.

In 2019, companies were already struggling with a shortage of privacy experts, and in the years to come, this problem will only become more evident.

Axios research states: “On LinkedIn, hiring for jobs with the titles “chief privacy officer,” “privacy officer” or “data protection officer” increased 77% from 2016-2019.”

All this is happening at a time of the greatest emphasis on data security, cyberattacks and data breaches, putting more pressure on the market and organizations.

Organizations and businesses will eventually find (as always) innovative ways of resolving these challenges through in-house training and outsourcing. Meaning, if they can’t find the person for the job, they will build one.

Data Privacy experts will be selling out faster than a TurboMan toy on Christmas Eve!

An IAPP study indicates: “The new estimate, which indicates a half-million organizations already registered DPOs, combined with new data from IAPP’s latest salary survey, sheds light on the rapid growth of the privacy profession and the expanding role of DPOs in Europe and beyond.”

All this only implies that privacy is the career of the future!

Data Privacy Trends for 2020

To conclude the story, 2020 will be an exciting year. We hope our predictions will come true, and we cannot wait for January 1 to see how the CCPA story will unfold. Stay with us in 2020, when we will bring more top content!
