Written by Etti Berger, CEO and Co-Founder, TripleP Training and Consulting Ltd.
The explosion in the use of social networking services, the change in status of the mobile phone (smartphone), the proliferation of mobile internet uses and the increasing porosity between public and private life have led to a huge amount of personal and sensitive data being shared with companies and organizations. Banking information, contacts, addresses, social media posts, and even your IP address and the sites that you’ve visited are all stored digitally.
Companies tell you that they collect this type of information so that they can serve you better and offer you more targeted and relevant communications, all to provide you with a better customer experience.
But since 2018 we have been facing a new era. New data protection regulations put the consumer in the driver’s seat, and the task of complying with these regulations falls upon businesses and organizations.
A year ago, Europe’s General Data Protection Regulation (GDPR) set the tone for privacy, making it a cornerstone of its landmark legislation. In the 12 months from May 2018 to May 2019, privacy regulation experienced change in all major hubs of data creation, from the U.S. to China and from Europe to Latin America.
Whether your organization works locally or operates globally, privacy regulations impact your decisions when collecting or processing personal data, which has become omnipresent in all facets of business. The result is a delicate balance for law enforcement officials, IT leaders, and businesses as they strive to protect sensitive information, a difficult task that seems to become more challenging by the day, without violating the privacy rights of their customers or employees through things like monitoring programs or endpoint data loss prevention protocols.
The following regional breakdown provides both a roundup of recent key updates and clear recommendations for the coming year:
The Way Forward
As more countries adapt their privacy laws toward the GDPR, there is an inflection point that we are expected to cross in the 2019-2020 time frame. At that point, a large portion of the spending power will be located in countries with mature privacy regulations (demand), forcing hosting providers, developers and vendors (supply) to harmonize against a common standard. Many countries and organizations today see this shift and have introduced privacy policies, with the intent of working toward the GDPR and becoming part of a modern data market.
Security and risk management leaders charged with supporting their businesses in a highly competitive market should enforce a modern privacy standard in line with the GDPR and focused on the data subject. This will allow organizations to differentiate their offering and grow unhindered. Organizations should align with positive and quantifiable change targets in line with core business goals so as not to allow privacy management to be seen as yet another cost center. Customer retention, cost of acquisition of new customers, and data storage cost reduction are just some of those positive targets.