Data privacy regulations are not yet standardized across the US or globally. 75% of consumers reported that they will not purchase from or support companies with poor data ethics, making data privacy practices critical for businesses beyond legal obligations.
Data privacy laws are projected to take center stage in 2023, galvanized by California regulations going into effect, and it’s critical for leaders to be up-to-date on the latest in data privacy regulations and best practices.
This is what (and who) it takes to implement data privacy practices and secure customers’ personal data:
DATA PRIVACY REGULATIONS
Data protection regulations have been enacted in the European Union and more recently US states including California, Colorado, Connecticut, Utah, and Virginia, and adopted some form of data privacy legislation. Experts predict the larger scale and, eventually, universal adoption of data privacy regulations in the years to come.
Currently, the two major pieces of legislation affecting data privacy are the General Data Protection Regulation (GDPR) adopted by the EU, and the California Privacy Rights Act (CPRA) enacted by the California legislature in 2020.
GDPR
Known as the toughest privacy and security law in the world, GDPR was drafted and passed by the EU. It imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR was put into effect on May 25, 2018, and fines can be as high as tens of millions of euros.
CPRA
The CPRA was enacted in 2020 and became effective starting January 1, 2023. This act significantly expands privacy laws in the state, previously laid out in the California Consumer Privacy Act (CCPA), and outlines consumer rights and business obligations when it comes to the collection and sale of consumer data and personal information.
8 resources to jump start your data privacy solutions
CALIFORNIA PRIVACY RIGHTS ACT (CPRA) | CCPA VS CPRA
This is the first comprehensive consumer privacy legislation in the US and is changing the way companies do business. Whether your organization operates in California or not, building data privacy into business operations will be paramount for organizations in 2023 and beyond.
This resource from Cookiebot offers an overview of the CPRA, the differences between CPRA and CCPA, the timeline, and a breakdown of the data privacy measures organizations should take to become compliant.
HOW FINANCIAL INSTITUTIONS CAN DEAL WITH GDPR
GDPR applies to any company that collects data related to people in the EU, not just companies that are based within it. With that, only 35% of organizations have a data breach reporting procedure that aligns with GDPR.
CDW examines how Financial Institutions can deal with GDPR and what key technologies to implement to manage the new requirements.
DATA PRIVACY TRULY MATTERS TO YOUR CUSTOMERS. IT’S TIME TO MAKE IT A CORE BUSINESS VALUE
According to a study by MAGNA Media Trials and Ketch, 74% of consumers regularly identify data privacy as a top concern. Across all age groups, it is valued more than issues of equality, sustainability, or any other ethical nature. Aside from legal obligations, companies need to prioritize data privacy to align with the priorities of their customers.
VentureBeat provides three recommendations for winning customers’ trust in regard to data privacy and protection.
16 WAYS TECH LEADERS CAN KEEP UP WITH DATA PRIVACY LAWS
Data privacy regulations are going into effect in the US and EU, but there has yet to be a universal data protection law put into place. With this, tech leaders have to go further to say up-to-date on data privacy laws.
The Forbes Technology Council shares 16 tips for Tech business leaders looking to become or stay compliant in the ever-changing data privacy landscape.
DATA PRIVACY VS. DATA SECURITY: FOUR IMPLICATIONS FOR BUSINESS LEADERS
$4.35 million. That was the average cost of a data breach last year, not factoring in non-monetary costs like damage to brand, reputation, and customer trust.
Forbes breaks down the difference between data privacy and data security and four key takeaways for business leaders.
DATA PRIVACY AS A STRATEGIC PRIORITY
Regulatory risks and business drivers are prompting companies to shift resources and attention to data privacy. Data privacy compliance will require a comprehensive program that outlines data collection, management, protection, and use.
Deloitte examines data privacy as a strategic priority, outlines key process areas for managing data privacy risks, and shares four reasons why “keeping everything” is not feasible when moving toward data privacy compliance.
WHAT IS DATA SECURITY? DATA SECURITY DEFINITION AND OVERVIEW
According to IBM, data security “is a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.”
This guide outlines data security strategies, solutions, and trends, and discusses six key components to delivering a comprehensive data security strategy that incorporates people, processes, and technologies.
AN IN-DEPTH GUIDE TO ENTERPRISE DATA PRIVACY
Data has been referred to as the world’s most valuable commodity and, in the business sphere, helps organizations better position themselves and their offerings. With data becoming a mainstay in business operations, building a solid data privacy foundation is paramount.
CIO Insight offers five next steps for CIOs and data privacy officers including crafting privacy plans and policies and how to frame data protection long-term.
WHO IT TAKES
To build a team equipped to move your organization into data privacy compliance now and keep up with the changing data protection landscape in the future, add these roles and skills to your team:
Data Privacy Analyst
Develops solutions and automated controls that support the organization’s privacy infrastructure.
Data Privacy Subject Matter Expert (SME)
Manages routine compliance activities, such as the Data Protection Impact Assessments (DPIA’s) that the GDPR mandates for privacy assessment documents.
Data Privacy Manager
Maps corporate data flow, improves data privacy education and awareness across business units, monitors and highlights possible privacy problems, and offers an appropriate resolution.
Data Protection Officer
Aids in tracking internal compliance educates about data protection responsibilities, offers guidance on compliance and assessments, and serves as a point of contact for data subjects.
Information Security Manager
Prevents security breaches and cyber threats from affecting an organization’s computer systems, networks, and databases.
Information Security Auditor
Focuses on outdated systems that may be vulnerable to hacker attacks while examining the efficacy and safety of computer systems and their security components.