DPOInsider

DPOInsider #38

More data breaches; How GDPR is changing the tech stack

DPOInsider
Feb 17

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️


A new year but more data breaches

It’s not surprising, but it seems that data breaches are on the increase and this is presenting significant challenges for data protection officers.

Already this year, online grocery delivery service Weee! reported a data breach affecting 1.1 million customers, while medical groups in the Heritage Provider Network suffered a breach impacting over 3 million patients. More recently, Reddit reported a data breach that exposed its internal documents and source code.

The potential consequences of data breaches are severe, both for individuals and organizations. For individuals, data breaches can lead to identity theft, financial losses, and other harm. For organizations, data breaches can result in lost revenue, damage to their reputation, and legal and regulatory consequences.

Legislators have also recognized the need for strong data protection measures in the face of increasing data breaches. They have implemented regulations that hold organizations accountable for protecting personal data, such as the GDPR, and imposed severe fines for non-compliance.

These regulations place a significant responsibility on data protection officers to ensure that their organizations are fully compliant with data protection laws and regulations.

So, what can we learn from all of this? In a world where data breaches are on the rise, data protection officers need to be proactive in protecting sensitive data.

This means implementing strong security measures, educating organizations on the risks and consequences of data breaches, and staying informed on the latest trends and incidents.

It's also important to understand the broader context of data protection, including legal and regulatory requirements, and to work with legislators and other stakeholders to comply with these regulations.

If we assume that it could be a case of when, not if, it’s important to have systems that can limit the risk that organizations are exposed to. It could be time to look at how compliance tools can help reduce the manual work that goes into compliance.


How GDPR changes the tech stack

As we know, Europe has been leading the way in data protection for consumers with the GDPR. However, with the introduction of similar laws in the US, companies are realizing that their highly integrated technologies, which were previously efficient, are now becoming a liability.

I came across an interesting article that highlights how privacy regulation is dramatically changing the tech stack as we know it.

When it comes to building digital services like e-commerce websites, companies often choose connected components that are commonly used together, which results in a highly integrated technology stack.

However, with the introduction of new privacy regulations, this integration can become a serious obstacle. Tech companies that provide the software for these components can struggle to ensure their own compliance, which can impact their users.

Does this mean that companies will move away from highly integrated technology stacks and instead rely on combinations of technologies from different suppliers that are not usually combined and don’t automate data sharing between each other?

The article quotes a study showing that firms that had built their websites for efficiency, choosing tightly integrated services from closely linked suppliers, suffered disproportionately when GDPR came into force. In contrast, companies that deployed new combinations of technologies not extensively used before performed much better.

The focus should be on recombination, which gives firms more flexibility in dealing with GDPR. Companies may choose a mix of proprietary and open-source technologies to reduce the number of interdependencies they need to consider. By drawing solutions from different technology stacks, firms had developed experience with different types of services and suppliers, allowing them to switch between digital solutions while staying compliant with GDPR as needed.

As new privacy regulations are arriving at a rapid pace in response to growing concerns about the social consequences of digital technologies, flexibility can be as important as efficiency. By focusing their data strategy on flexibility and using loosely integrated sets of technologies, firms in the U.S. may be able to learn from the European experience and achieve a smoother transition to the new data protection legislation.


Other data privacy news

Regulator Halts AI Chatbot Over GDPR Concerns

Data Privacy: Compliance Not Enough for Consumer Trust

Who Has My Data? EU Court Rules GDPR Requires Disclosure of Data Recipient Identities, Not Just Categories, in Response to Data Subject Access Requests


Posts of the week

Robert Bateman @RobertJBateman
The Digital Services Act (DSA) applies differently to Very Large Online Platforms (VLOPs). Companies have until Friday to declare how many monthly active users they have in the EU. Will Twitter meet the threshold of a VLOP (45 million monthly active users in the EU)?
12:52 PM ∙ Feb 14, 2023
Data Protection Commission Ireland @DPCIreland
Online service providers processing children’s data should ensure that the pursuit of legitimate interests does not interfere with, conflict with or negatively impact, at any level, the best interests of the child. For more information, go to: dataprotection.ie/en/dpc-guidanc…
12:30 PM ∙ Feb 16, 2023

© 2023 DPOinsider