Greetings from Brussels!
With the advent of 2020, we face the dawn of a new decade. On reflection, the last decade was decidedly a game changer for data privacy and its practitioners. Perhaps the more abiding reality for business and public sector actors alike was the massive and exponential amounts of personal data being constantly generated — and processed — as access to personalized technology in the form of smart platforms and devices matured and went mainstream. Business capitalized on those data assets available to them. User datasets multiplied and grew at a rate faster than any security or privacy measure could be designed and built to protect them. The past decade saw several significant data breaches from well-known companies, such as Target, Yahoo, British Airways and Equifax to name a few. In the coming years, companies will need to find better ways to protect their data and ensure customer privacy. It will remain undoubtedly a priority challenge for companies the world over for some time to come.
Another defining feature in recent years was the increase in focus on a variety of new government data privacy regulations. Data privacy simply went into overdrive due in part to data mismanagement, as well as cyberattacks increasing in size, sophistication and cost. We saw the introduction of the GDPR, the most significant overall of regional national legislation ever with broad reach. Public legislators woke up across the globe from Europe to the U.S. — the CCPA went into effect 1 Jan. — from Australia to India and then some more. This is perhaps symptomatic of a growing realization that there is both social and economic needs to get ahead of data flow innovation and its impact on citizens and their rights.
In 2020, organizations and their boards will increasingly acknowledge that data privacy is a differentiator. Apart from legal sanctions, the risk of reputational and brand damage, coupled with public mistrust, are all too apparent. Consumer trust and privacy are paramount, and the regulatory community will continue to face immense pressure to regulate in the face of media scrutiny and public opinion. The "responsible" organization will embrace data privacy as a core value, and it will continue to be embedded into corporate culture and process. How else can one build lasting and continuous data privacy assurance? I recall my days working in the outsourcing of contact and data centers and developing and implementing broad CRM solutions for Fortune 500 companies. In processing huge amounts of personal data across multiple platforms globally, little attention was given to layered privacy by default or design. With hindsight, some of the industry practices then would shock today — that was the late nineties and early noughties, not that long ago. Today’s lightning advances in technology in the fields of AI, automation and cloud services will herald in fundamental and complex changes in the way data protection unfolds. The organization that does not adjust to the new paradigm may not see the next decade.
A continued key trend in the coming years will remain third-party risk management. More robust outsourcing, vendor management and supply chain solutions in a pervasive digital age will be tactical and key to organizational strategy; therein lies considerable risk and exposure. Moreover, where breaches at the larger multinationals have dominated the landscape in recent times, their third-party relationships may prove more vulnerable in the coming years. Defending and proofing those supply chains in continual fashion will be critical. The GDPR requires it.
The IAPP looks forward to engaging with you and keeping you abreast of the professional developments in the space during the coming year. 2020 could be very busy, so with that, I wish you all a splendid start to the new year.