TrustArc CEO Chris Babel shares insights into privacy-related news and discusses what companies can do – from shifting their perspective to making strategic course corrections – to gain a leg up on the competition.
Chances are, many organizations have already experienced a major shuffling of roles and changing of processes to accommodate GDPR mandates. Still, many organizations did not fully operationalize privacy and compliance, instead treating GDPR as a one-off checkbox to mark. Now, companies have another opportunity to implement stringent and ongoing compliance. Companies have a little more than a year — July 1, 2020 — before they must demonstrate compliance with the California Consumer Privacy Act (CCPA), which will be implemented January 1, 2020. One key for turning data privacy into a strategic function will be to monitor and stay abreast of the following privacy trends.
1. Death, Taxes and Managing Privacy
Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes. The same approach must hold true for any new mandate, such as CCPA, that governments enact. Leaders must shift organizational mindsets so that they approach privacy and compliance as an ongoing project.
2. Ethics Will Become Increasingly Important to Data-Driven Innovation
The concept of demonstrating ethical approaches to business was once a focus only in health care, research and highly regulated organizations. GDPR, CCPA and similar laws are pushing businesses across sectors to consider ethics. Now, leaders and the companies they represent must show that the benefits new tech and other innovations bring do not outweigh the potential for data misuse and other risks. While companies may start with a check-the-box compliance exercise, the more innovative players will look to differentiate themselves from their competition by setting up ethical review committees, ethics teams and data ethics officers to formally consider the implications of algorithms and machine learning on customer trust and business outcomes.
3. Consumers Will Exercise Their Right to Privacy
Consumers are already more aware than ever before of their (in some cases) newfound rights to privacy. Moving forward, they will grow to better understand the rights and mechanisms that regulations like the GDPR and CCPA have made available to them to manage and protect their data. As a result, we will see consumers become more engaged and active in controlling their privacy settings, such as sharing less information, unsubscribing from marketing communications and requesting either copies of their data or that companies delete their data entirely from marketing databases. Leaders who are aware of this fact can begin to make adjustments to company strategy in order to better meet consumers on their terms in this privacy-heavy environment.
4. GDPR Enforcement Could Blunt Competitive Edge
Most people associate GDPR enforcement with heavy fines levied against organizations. However, enforcement can be much worse than onerous financial penalties. An advertiser was recently forced to cease operations in an entire European market as a result of a GDPR violation. As the number of privacy regulations grows, we will continue to observe that failure to comply with those mandates could impact a company’s operations as much as its checkbook. Companies that don’t meet GDPR and other privacy and security requirements will lose business to competitors who do.
Staying Abreast of Privacy Trends Will Drive Innovation and Differentiation
While some worry that increased regulation will harm organizations’ ability to innovate and create new products, the opposite is true; privacy regulations, as the new realities of the world, will force companies to re-examine their approaches to developing innovative and differentiated products and services.
For example, regulations like GDPR are forcing marketers and advertisers to re-evaluate how they use customer data. The organizations that embed compliance into their entire product development processes — aka privacy by design—will be able to clearly differentiate against their competitors by offering compelling value to their customers. So, while maintaining and demonstrating ongoing compliance will necessarily require changes to company strategy, the end result is a boost to innovation and differentiation. By understanding trends impacting privacy and adhering to what they suggest, organizations will not only get ahead of compliance, but will more likely build a greater competitive advantage, as well.