Trends impacting the data privacy environment
The data privacy landscape is shifting more quickly than ever before. At Thomson Reuters, we interact closely with our customers every day – whether it’s through research support, building technology solutions or discussing trends the legal market and individual customer groups are facing. Every day, we work to help our customers find the answers they need to solve complex problems in their field.
In the last few years, we’ve seen the data privacy field – across legal, financial and compliance practices – dramatically change. If you work at a company doing business across multiple jurisdictions, you understand the complexity and are likely also aware of the impending Global Data Protection Regulation (GDPR), which goes into effect in the EU this May. What you might not know is that if your company or organization does business in ANY country governed by GDPR, you are obligated to comply. And there’s a lot at stake.
Many data privacy professionals say they are not prepared to comply with the complex web of regulations. In fact, in 2017 Thomson Reuters conducted a survey of nearly 1,000 data privacy professionals in nine countries and jurisdictions and 44% – nearly half – stated they are already failing to comply with data privacy regulations. Many well-intentioned privacy professionals are unsure whether their businesses are in compliance globally.
Let’s look into what’s driving all of this change – three large-scale trends that are really shaping the privacy landscape today: digitization of data, globalization of business and the rapid expansion of the regulatory environment.
Continued digitization of data
The further digitization of data and advances in technology now allow organizations to collect and inexpensively store nearly unlimited amounts of information about consumers, customers and employees. As a society, we know this information is critical to managing large workforces and providing the customized experience that consumers want.
But it’s not without risk. Most of us hold dearly the individual right to privacy and the security of our personal data. All organizations collecting individual data are obligated to protect that data and have the right compliance policies in place according to the laws that govern their business. These policies detail, for instance, how personal data is gathered, used, stored and repurposed for marketing. We all know what happens when organizations don’t comply – we see the news headlines and experience the effects, and large companies not in compliance must manage the reputational fallout along with hefty fines.
Globalization of business
As business continues to become more global, the data that organizations collect and manage runs into a greater risk of non-compliance because it’s falling under laws and regulations from multiple jurisdictions. Data is digital and geographically agnostic – it flows across borders and essentially can go anywhere. A large global retailer based in the U.S. could have customers in 45 countries, and every state in the U.S. All of its customers, employees and other stakeholders have an expectation of privacy and how the business will care for this data. Lawmakers and regulators around the globe, each acting independently in their own jurisdiction, will act upon this expectation of data privacy by assessing and mandating how to ensure this information is safeguarded and used appropriately.
Rapid expansion of the regulatory environment
When you have individual jurisdictions, and then add in the different national and state or provincial regulatory entities, you get a tapestry of regulations that even the most talented, adequately staffed and eager-to-comply organizations can find difficult to manage. Data privacy professionals face daily challenges in identifying, analyzing and complying with the myriad global data protection and privacy laws. It is not altogether surprising, then, that nearly half of organizations surveyed (47%) said they are struggling to keep up to date or are falling behind the continuing flood of new data privacy regulations. The challenges and risks are growing every day.
We don’t see an end to any of these trends anytime soon, but we are working hard to help data privacy professionals get a better view of the regulatory landscape, get country-specific guidance and sophisticated tools to help them get a handle on this complicated compliance environment.
Editor’s Note: This post was written by Chris Maguire, Managing Director of the U.S. Corporate Segment for the Legal business of Thomson Reuters, and executive sponsor of Data Privacy Advisor – a new research solution for data privacy professionals launched Jan. 29.