Data privacy is one of the hottest topics right now, with Gartner comparing data privacy to what “organic” or “cruelty-free” was in the past decade.
So what are 7 data privacy trends you should look out for?
Data Privacy Trend #1 – The Rise of the Regulations
When the GDPR came into full force, it was the beginning of a new era of data privacy.
However, we are pleased (as data subjects and consumers) that the GDPR encouraged governments to revisit their regulations and laws regarding data privacy in an effort to create one cohesive national law.
Leading the way with the GDPR, the European Union set an example by creating a framework where organizations can take responsibility for how they process personal data. There is still a long way to go, but the influence of the GDPR on other legislative systems cannot be disregarded.
The framework that the EU has laid out has shown flexibility and market inclusiveness.
It is almost incorrect to say this is one of the data privacy trends; from where we are standing, it is an inevitable necessity.
CCPA or California Consumer Privacy Act
In 2020, the California Consumer Privacy Act became fully effective. Inspired by the GDPR, the CCPA is the first US privacy law of a similar magnitude (considering California is the fifth-largest economy in the world).
CCPA created new obligations for businesses in California and empowered Californians to have more control over their data.
The ever-changing needs for new ways to protect consumers are reflected in the new wave of data protection initiatives, and CCPA is one of the first to address those problems.
LGPD – Brazilian General Data Protection Law
Enforcement of the LGPD (Lei Geral de Proteção de Dados Pessoais) started on September 18, 2020. The LGPD sets out to protect the personal information of 140 million internet users, the largest internet market in Latin America and the fourth-largest internet market in the world by number of internet users.
Hearing those numbers, you must be wondering why Brazil hasn’t done anything about data protection already. Well, that’s not quite true.
There are over 40 laws addressing that issue for different segments or industries. However, the LGPD replaced those legislative fragments and created a comprehensive law.
The “Brazilian GDPR” is heavily influenced by the GDPR, and being GDPR compliant should suggest you are also LGPD compliant. Read more about LGPD/GDPR differences.
Other data privacy initiatives
Asian data privacy initiatives are coming on strong as well. There are more initiatives to mention, but you get the idea: the general trend is towards creating laws that will provide consumers with a certain amount of control over their personal data.
According to Gartner: “…by 2022, half of our planet’s population will have its personal information covered under local privacy regulations in line with the GDPR.”
Data Privacy Trend #2 – Data Graveyards and new Privacy Standards
Data Graveyard has become a new buzzword for describing the state companies are in when we talk about the quantity and quality of the data stored on company servers.
More to the point, Data Graveyard describes repositories of unused data that companies are collecting in immense quantities, which is seriously jeopardizing database utilization, becoming an increasing problem and financial burden for companies.
While the GDPR promotes data retention and data removal policies, we have seen that, in practice, companies are rarely at the desired level of maturity with their privacy programs.
The €14.5 million GDPR fine issued for a non-compliant data retention schedule only verifies this assumption.
In the near future, we expect companies to raise awareness about how they process, store, manage and secure their data, pushing the legislative procedures to focus more on creating data quality and data governance industry standards.
It is expected that more heavily regulated industries will lead the way (as it was with the GDPR), but the end results will benefit all.
Data Privacy Trend #3 – New Roles and Shift in Responsibility
When we talk about GDPR-related responsibilities, we believe that the data privacy trends will include the shift in the compliance responsibilities within the organization.
Companies will understand that a single role (a DPO or any other role) will be incapable of single-handedly managing, supervising, and implementing data protection laws and policies.
Staying compliant will compel other departments and organizational units to hop on the compliance train and help out the DPO.
This will include HR representatives, Marketing, and Legal. Those departments will have to be accountable for data processing happening under their roof.
The DPO should also gain more authority to investigate the processes within the organization and more freedom in the way he runs his department and his responsibilities, manage his own budget, and report directly to top management.
This will develop hand in hand with the general awareness of the importance of data privacy within the organization.
This will also, undoubtedly, create new roles within the organization and new alliances between existing roles that now only have touchpoints, but not shared responsibilities.
In their report, PrivSec stated: “CDOs and CISOs find common ground: Good data stewards join forces. As data security, personal data privacy and compliance demands escalate, so will the opportunities for Chief Data Officers (CDO) to partner with Chief Information Security Officers (CISO). Companies should encourage these two stakeholders to find common ground, align on priorities and build value-based recommendations to ensure that budget-focused CFOs actually green light important projects.”
Privacy and cybersecurity will slowly start to merge and share common interests and responsibilities.
Data Privacy Trend #4 – More Fines, More Awareness
Not all supervisory authorities were working at the same speed in the past years. The rough amount of all GDPR fines issued so far is currently a little shy of €275 million.
However, in 2021 the time of playing hide-and-seek with supervisory authorities will slowly but surely come to an end. We can fully expect more intrusive and aggressive behavior from supervisory authorities.
GDPR fines, privacy risks, and reputational damages are something that executive-level management can finally understand. Numbers will speak in favor of a DPO, which will hopefully bring the attention of top management and a more generous privacy budget for a DPO.
Data Privacy Trend #5 – Transparency as a Key to Successful Business
We cannot stress enough how important transparency will become (and already is) for organizations, especially B2C companies. In 2021, consumers will become more aware of their rights and the dollar sign that stands next to their data.
In 2021, trust will not be a nice-to-have addition to your business; it will be a MUST-have.
Consumer attitude towards privacy and transparent behavior will force companies to bring more attention to those issues.
Data Privacy Trend #6 – Third-Party Risk Management
A heavy focus in 2021 will also be on third-party risk management, risk assessment, and demands on suppliers, vendors, and partners to demonstrate compliance.
The GDPR has deepened the existing obligations requiring contractual protections with data processors and sub-processors, adequate data protection, and evidence of compliance (Article 28).
This means organizations will have to put more effort into vetting the third parties they work with, shielding themselves from potential risks through third-party partner evaluation and agreements.
Gartner’s research reveals that: “compliance programs are focused on third-party risk more than ever before, with more than twice the number of compliance leaders considering it a top risk in 2019 than three years ago.”
Data Privacy Trend #7 – Employee Training and Talent Crisis
We cannot end this list without mentioning the talent crisis in the data privacy world. The shortage of cybersecurity and data privacy experts is going to have the single most important impact on the talent market in the next few years.
In 2019, companies were already struggling with a shortage of privacy experts, and in the years to come, this problem will only become more evident.
Axios research states: “On LinkedIn, hiring for jobs with the titles “chief privacy officer,” “privacy officer” or “data protection officer” increased 77% from 2016-2019.”
All this is happening at a time of the greatest emphasis on data security, cyberattacks and data breaches, putting more pressure on the market and organizations.
Organizations and businesses will eventually find (as always) innovative ways of resolving these challenges through in-house training and outsourcing. Meaning, if they can’t find the person for the job, they will build one.
An IAPP study indicates: “The new estimate, which indicates a half-million organizations already registered DPOs, combined with new data from IAPP’s latest salary survey, sheds light on the rapid growth of the privacy profession and the expanding role of DPOs in Europe and beyond.”
All this only implies that privacy is the career of the future!