Data privacy isn't a trendy or passing fad. Data privacy is a topic that is going to be around for a while, so now is the best time to make it a top priority in your business.
In 2022, regulatory compliance was the most talked about topic among executives. Compliance concerns are not just anecdotal.
A recent report by EMAOpens a new found that 95% of respondents stated that compliance concerns had impacted security strategies.
74% of respondents also indicated that they plan to increase their annual investment to address compliance concerns.
Compliance is a hot topic. But it's not new. If I had to pinpoint the time compliance discussions began to occur more frequently, it would be after the adoption in 2018 of the EU's GDPR - the most comprehensive and broad-reaching regulation on data privacy.
The GDPR may have initiated the conversation. However, the multitude of data privacy laws that followed (more later) has made it ubiquitous.
It is striking to me how the conversation has moved from "What can I tell you about compliance?" to "What should be done to avoid fines?"
Due to the increasing concern about data privacy compliance over the past year, 2023 will be a year where compliance is a top business priority across all verticals.
Let's examine the factors that led to this "perfect storm" of regulatory awareness.
What do You Know About Data Encryption and Free VPN Encryption?
Data Privacy Laws are Expanding
Many countries outside the EU have adopted similar legislation since GDPR. Opens a new window More countries are now following their lead.
Companies based in the United States that are global have to evaluate their data security measures to ensure compliance with international privacy regulations.
U.S.-based businesses that are only involved in the domestic business are also paying attention. Individual states are creating a standard for how privacy is addressed in the U.S. despite not having a national data privacy referendum.
In 2023, four states - Colorado, Connecticut, Utah, and Virginia - will enforce state data privacy laws. California will be the first state to enact such legislation in 2018.
It will also begin enforcement of the California Privacy Rights Act in 2023. In 2022, three other states - Ohio, Pennsylvania, and Michigan - introduced privacy laws. Many companies are already covered under at least one privacy law.
Those who aren’t are sure to see the writing on the wall. Even if there is no national referendum, it is essential to ensure that companies remain competitive, especially on a global level.
It is Difficult to Comply With Multiple Laws
It is one thing to sort out the confusion of a single privacy law, but it is quite another to navigate multiple laws. Many data privacy regulations are different, and therefore action plans to address them vary from one law to the next.
The Utah Consumer Privacy Act (UCPA), for example, is more favorable for businesses than CPRA, which offers greater consumer protection. Many laws also have different definitions of sensitive information and how it should be protected.
These are only two of many complicated variances. There are many others across all state laws on data privacy.
Companies that have operations both in the US and abroad find it more difficult. According to many business leaders, trying to comply with each law is like walking in the rain and not getting wet.
Cloud Migration Made Companies More Easily Vulnerable to Noncompliance
Many businesses suffered from an unintended consequence of the pandemic and subsequent migration into the cloud, inadequately protected cloud data.
Many companies attempted to make an instant transition from an office environment to a virtual workspace. However, they prioritized speed over security.
This led to many organizations leaving sensitive data exposed and potentially violating compliance. Many organizations are still trying to make sure their cloud processes comply with data privacy regulations.
Organizations are now more motivated than ever before to invest additional resources in the cloud to reap the benefits and maintain compliance.
Data Privacy Fines Are Grabbing Headlines
Sometimes, a headline can grab your attention quicker than the details of a legal document.
Sephora was fined $1.2 Million in 2022 for not following the California Consumer Protection Act (which will soon be replaced by CPRA) on January 1, 2023. Amazon was fined $887 million for not complying with GDPR, while WhatsApp was penalized $227 million.
Companies will be making an effort to comply with state data privacy laws as they become effective in 2023 and avoid being penalized.
The way Companies Use and Share Data Has Changed
Clients and potential clients raised concerns over the balance between data protection and data usage in the past year.
It is more difficult to do so when you consider the fact that data analytics happens in the cloud, which has its own set of vulnerabilities, as we have discussed.
Compliance must be a priority for next year, with these five factors at an all-time high. In 2023, companies that take a proactive approach to data privacy and security will be in a position of advantage.
Companies that use tools and processes that go beyond compliance to address how data must remain secure as new laws and existing laws change will be in a better position than their competitors.
Data privacy isn't a trendy or passing fad. Data privacy is a topic that is going to be around for a while, so now is the best time to make it a top priority in your business.