The global landscape has been drastically altered in 2020 as the world has faced a pandemic unprecedented in the modern era. As Covid-19 spread across the globe, the geo-political, social and economic landscape was set for a change. The privacy of citizens was highlighted as governments wanted to make use of tracking technology and personal data in order to control the spread of the virus. As the General Data Protection Regulation (GDPR) reaches its second anniversary with mixed reviews, it is time for businesses to reflect on the impact the regulation has had on the spread and impact of privacy laws globally.
However, despite the widespread attention the GDPR has received, global data-driven organisations must realise that their businesses are impacted by other laws. Following the privacy issues raised by Covid-19, the public and the media now have increased awareness about privacy rights which could result in the global privacy framework becoming more complicated. As people become more aware, it becomes harder for businesses to make sure they are always on top of compliance requirements. However, businesses must make sure they are keeping up with the ever-increasing global laws as without doing so they may risk losing customer trust and as a result, a loss in reputation and revenue.
Global regulations go beyond GDPR
So, what other global regulations are there? As of June 2020, over 20 US States have privacy Acts or developing Bills in front of their legislatures, with a number of other states having privacy task forces in place. Brazil, South Africa and India’s new data protection laws are passed or are at an advanced stage in the legislative process, joining countries that already have modernised data protection and privacy laws, such as Canada, Russia, Japan, Singapore, South Korea, Malaysia and Nigeria – and many others which are on that journey. Although Covid-19 has delayed the legislative processes, with Brazil, South Africa and India’s laws being postponed, more than 60 counties have now introduced privacy laws in response to their citizens desire for control over their privacy and data protection rights. In increasingly globalised markets and with the ever-increasing adoption of cloud computing and PaaS, IaaS and SaaS services, few large organisations can ignore what we can call the ‘global privacy framework’.
How can these regulations help with the burden ofcompliance?
With so many different approaches to data protection, managing and analysing data while maintaining customer trust is becoming increasingly difficult for companies with global footprints. As a result of the increase in data protection regulation and awareness, Forrester is predicting a 300% increase in privacy class actions . This is because when companies start to dig into the requirements of different laws, for example Brazil’s LGPD has ten lawful bases of processing, compared to GDPR’s six, they realise a ‘one size fits all’ approach may not work.
How can companies address the ‘compliance overhead’associated with the global privacy framework?
The answer really is quite simple. Companies can stay on top of global regulations by being aware of the one constant regardless of the jurisdiction: privacy laws are based on the protection of ‘personal data’. The key therefore lies in genuine anonymisation. When companies turn to genuine anonymisation of personal data, they are able to assist with compliance and build customer trust, regardless of the jurisdiction. Further, the analytics from data anonymisation allows organisations to unlock the value of their data and eliminate risk of being exposed to global privacy laws.
Data privacy regulations are necessary as the rights to use personal data are narrowing and the rights of data subjects are expanding. Especially in this time where privacy is in the limelight, the risk of fines, negative brand image and drop in revenue are very real. Companies must come to the realisation that they shouldn’t be looking with how to comply to the complex global privacy framework, but rather how to avoid it altogether.
Data anonymisation is a tool that is key for data-driven organisations. It creates the crucial mindset, fail to plan, plan to fail. Even if organisations are complying with regulations at this moment in time, there is no guarantee that the privacy framework will not grow, change and evolve. Organisations must be aware that the impact of current events could easily change the way we do business using personal data. As a result of this, the compliance burden is only set to get harder and forward-thinking is essential for businesses to have a successful future.
 Aoife Sexton, GDPR 2nd Anniversary Report Card available at https://www.linkedin.com/pulse/gdpr-2nd-anniversary-report-card-some-work-done-more-do-aoife-sexton/?trackingId=B2iW8FJkSqGlECxUkKpy6Q%3D%3D