Data Privacy Day: Searching for the Lost Trust
A commemoration of what could have been? Or a celebration of trust reborn?
Today, the 28th of January, is International Data Privacy Day. 11 years after its creation, countries and organizations have come together to put trust back at the core of the digital revolution.
2018 was indeed the year where personal data protection moved at the top of the board’s agenda for most organizations. Driven by the adoption of new regional data protection laws starting with GDPR to China’s cybersecurity law, India’s data protection bill, California’s Consumer Privacy Law and more… and replete with increasingly high profile data breaches.
Since the GDPR came into force in May 2018, the EU National Data Protection Authorities (DPAs) have examined thousands of complaints and recorded an increasing number of data breach notifications. DPAs in countries like Austria, Portugal, Germany, UK and France have even issued hefty fines for companies violating the GDPR regulation.
Just last week, the French DPA (CNIL) issued a 50 million euro fine against Google for their failure to inform people of how they are processing data and a lack of valid consent regarding the personalization of their ads.
A shift in public perception
Following the public outcry after the Facebook/Cambridge Analytica debacle in March 2018, consumers are more concerned about their digital footprint and how their personal data are harvested and used by corporations.
Even if Facebook did not lose millions of users (FOMO – Fear of Missing Out - is still going strong!), 54% of surveyed US, UK, German and French citizens stated that they are more wary of sharing personal data online andan 78% are more likely to turn their back on a brand if it had recently been breached.
The changing approach to privacy
Despite this strengthened regulatory framework and citizens’ heightened sensitivity to privacy issues, many organizations are still lagging in terms of data protection and data privacy governance.
50% of organizations still believe that they are far from being compliant with GDPR and many believe that they will never be fully compliant with the regulation.
GDPR is considered as a challenge by organizations because it is an afterthought. In their race for digitization, most organizations did not bother with data protection and privacy considerations. Therefore, organizations have now to review how their digital environment has been built and how it has evolved. They need to understand where personal data is stored, duplicated and used to put in place the necessary foundation for proper data governance and data management as per the various regulations.
Even if these key steps seem tedious, by assessing their current security measures and overall data protection and privacy maturity, organizations can identify the path to Privacy and Trust.
When organizations measure the risk of personal data misuse, they can identify the proper privacy risk mitigation approach. Such an approach will rely on technologies, processes and governance to:
- Embed privacy by design in the digital transformation process
- Enhance data discovery and classification
- Enable control over personal data usage
- Create transparency by adopting global privacy, ethics and accountability policies and practice
- Implement privacy controls to protect data (data encryption solutions)
- Implement the necessary controls to demonstrate compliance through Security Operation Center monitoring and reporting
You can check our approach to GDPR compliance spanning from GDPR readiness, to customer rights management, to data breach notification and privacy by design.
We have always encouraged organizations to adopt data privacy regulations as enabler of Trust. In the blog articles posted on our platform, we have highlighted that consumers are warier of none transparent data handling policies and are savvier in terms of protecting their digital footprint.
We have long believed that ethical and transparent personal data management will be a business differentiator in this pivotal next phase of the digital revolution. And we have the figures to prove it!
In Gartner’s report on privacy vendors, they noted that by 2020 organizations that have adopted best practices for protecting their customers' privacy will gain 10% more in revenue over competitors that are caught lagging.
So, what are you waiting for?