This article from Aoife Sexton, Trūata’s Chief Privacy Officer and Chief of Product Innovation, recently featured in IT Pro Portal.
Organizations that adopt a proactive, privacy-centric approach will be better positioned to manage regulatory risk.
As consumers become more aware of how modern digital technology can erode their privacy, governments are responding by introducing new laws at speed. It is a trend that shows no sign of abating. Gartner predicts that by 2023, 75 percent of people across the world will have their personal data protected by privacy regulations, compared to just 25 percent today.
The volume of data privacy regulations for organizations to follow is challenging, especially for companies operating across multiple jurisdictions. However, businesses cannot risk becoming overwhelmed and paralyzed into inaction if they wish to gain the competitive edge and leverage the full value of the data they have at their disposal. At the same time, compliance with privacy laws should not become a mere tick-box exercise. With digital trust at a tipping point, adopting a privacy-centric mindset is now a business imperative.
Our recent Global Consumer State of Mind Report found that nearly half (48 percent) of consumers feel they have lost control over how much data is stored about them and 76 percent believe that the onus should be on companies to protect personal data. This presents an opportunity for businesses to build bridges and retain trust by demonstrating the value they place on privacy. After all, 69 percent of consumers said they are more likely to be loyal to a brand if it is seen to use their personal data appropriately and responsibly. Losing sight of the human factor could become costly for companies in the long run.
A shifting privacy landscape
Navigating the various international privacy regulations that have been introduced to protect the data that businesses collect, process, store and share has never been more challenging. The key principles of transparency, data retention and security are a constant presence, but the landscape continues to shift on almost a weekly basis.
From East to West, the privacy landscape is evolving at pace. More recently, the Chinese parliament has passed a new privacy law, which is due to come into effect on 1st November 2021. This law, the Personal Information Protection Law (PIPL), follows months of state input in tightening regulations on the collection of user data, which has already led to several popular apps being banned in the country. Along with the Cybersecurity Law and the Data Security Law, PIPL will form an overarching framework to govern data protection, cybersecurity and data security in China for years to come.
In the US, the California Privacy Rights Act (CPRA) will become fully operative from 1st January 2023 and will apply to all personal information collected by businesses. This act will amend and supersede the current California Consumer Privacy Act (CCPA) and make various changes to the rules on the processing of sensitive personal information, in addition to amended consumer data rights.
This is not the end, though. Several other countries are expected to adopt new or amended regulations in the foreseeable future. In India, the Personal Data Protection Bill (PDP) is currently in front of parliament for approval. The bill includes specific requirements on the use of individual data, limitations on the purposes for which data can be processed by companies, and restrictions to ensure that only data necessary for providing a service to the individual in question is collected.
Then there is the EU’s ePrivacy Regulation, designed to regulate the use of electronic communications services. It was originally intended to come into force in 2018 alongside the General Data Protection Regulation (GDPR) but has been delayed. A finalized text was agreed earlier this year by the EU Council, which moves the ePrivacy Regulation into a new phase of negotiations amongst the various EU institutions. Nevertheless, the exact date it will come into force is still anyone’s guess.
Follow the link to read the full article: How to navigate multiple data privacy regulatory frameworks