DPOInsider #35

GDPR Everywhere; Data Privacy Day

Jan 27

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Is it time for ‘GDPR everywhere’?

Compliance has always been a tricky business, but with the global economy, it's become even more complex. In the past, companies only had to comply with the regulations in the countries where they did business. But now, with remote workers and the ease of moving data between different regulatory regions, companies need to be compliant everywhere.

Data privacy laws are especially important to keep in mind. With the cloud, companies can have servers anywhere, but if they don’t take good care, data can end up being stored or transmitted through parts of the world with different regulations. I would argue this is entirely likely to happen.

And every country’s regulatory body has its own ideas about how far it should go in protecting its citizens and what that means for businesses collecting and processing data.

But there's a way to stay on top of these inevitable changes - GDPR everywhere.

By adopting the standards of GDPR, no matter where a company holds or processes data, they know that they are meeting a very high standard and can boast about maintaining these standards where competitors can’t. And as GDPR gets used as a template for other countries adopting data privacy laws, it becomes easier to look at how these new laws differ and change appropriately.

It's essential to look at the trends and stay ahead of new regulatory requirements in countries where the company doesn’t yet do business.

This way, businesses can turn privacy compliance into a differentiator, not just a way of following the rules.

That’s going to be my approach this year.

Data Privacy Day - Some Best Practices

It’s data privacy day, so it’s time to raise awareness etc etc.

It’s always good to get a weigh-in from some experts now and then.

So that’s what we’ll do in today’s DPO insider:

First up, it’s a reminder of the importance of continuous review:

Eric Kedrosky, Cloud Security CISO and Pioneer

“Data Privacy Day serves as a reminder for organizations to continuously review their handling and protection of sensitive data, particularly as more of that data resides in the cloud. Every organization with data in the cloud needs to continuously assess where their data resides, which data is truly sensitive, who or what has access to it (including not just people identities but non-people identities as well) and what they could potentially do with it. Without understanding the relationships between data and identities, it’s difficult if not impossible to find and address the vulnerabilities that put data at risk.”

Others think that the state-by-state approach to regulation in the US isn’t working and would like to see a federal law in the US:

Fiona Campbell-Webster, Chief Privacy Officer, MediaMath

“We’ve come a long way on the journey since 2018 when GDPR led the way for the world to start creating a plethora of privacy laws, each with its own special nuance. This is fantastic for privacy awareness and business adoption, but it has become operationally challenging for businesses, both small and large, to navigate and implement the variety of privacy contractual, technical, disclosure and consumer rights requirements at both a global and national level.
We urgently need greater harmonization between differences in consumer privacy and data protection state laws and global laws. We need this harmonization to provide greater transparency and clarity of available privacy rights for consumers. We need this harmonization to create certainty for businesses in digital economies and minimize resource burdens and create scaled opportunities for businesses to flourish especially small businesses. Bi-Partisan Efforts and strides made to pass a comprehensive US Federal privacy law ADPPA in 2022 need to be revived and accelerated in 2023 to reduce the lack of clarity and uncertainty in the current fragmented state-by-state approach.”

Data privacy is a human right:

Jeff Sizemore, Chief Governance Officer, Egnyte

“Data Privacy Day reminds us that personal privacy is being viewed more and more as a global human right—by 2024, it’s predicted that 75%Opens a new window of the world’s population will be protected under modern data privacy regulations. We will continue to see data privacy gain significant traction across industries and business disciplines, such as with personal financial data rights. Company trust will increasingly have a larger impact on customers’ buying decisions as well.

We need the right tools to make DPO’s daily jobs easier:

Carl D’Halluin, CTO, Datadobi

“A staggering amount of unstructured data has been and continues to be created. In response, a variety of innovative new tools and techniques have been developed so that IT professionals can better get their arms around it. Savvy IT professionals know that effective and efficient management of unstructured data is critical in order to maximize revenue potential, control costs, and minimize risk across today’s heterogeneous, hybrid cloud environments.
However, savvy IT professionals also know this can be easier said than done without the right unstructured data management solution(s) in place. And, on Data Privacy Day, we are reminded that data privacy is among the many business-critical objectives being faced by those trying to rein in their unstructured data.

You can read nine more pieces of advice in the full piece here.