Data collected from customers’ personal devices is the backbone of many of the world’s large enterprises. Almost 2.5 quintillion bytes of data are generated every day. During the past decade, enterprises have made use of the personal data of customers for their own benefit and purpose, severely compromising the privacy of users. But today, customers are cautious of what personal information they want to share. They have lost trust in companies, especially during the pandemic, which witnessed an alarming increase in data breaches.
Data privacy regulations are on the rise globally as people’s mistrust of organizations continues to increase. New data privacy regulations such as GDPR (General Data Protection Regulation) in Europe, CCPA (California Consumer Privacy Act) in the US (United States), and PDPA (Personal Data Protection Act) in Singapore have been brought into practice by governments across various geographies over the past few years. These data privacy regulations are based on three core aspects: transparency, accountability, and user control.
Enterprises operating in multiple geographies need to manage multiple regulations and adhere to the data privacy regulation of each geography. Noncompliance with data privacy regulations can damage the reputation of an organization. The Government of India recently withdrew the Personal Data Protection (PDP) bill, as the bill gave customers limited control over the usage of their personal data.
Challenges Faced by Enterprises
For large enterprises, these regulations present a new set of challenges. Below are some of the challenges faced by enterprises.
· There is a limitation on the data that can be used by enterprises. Enterprises need to build a good reputation and trust with customers. Now, they can use only the customer data for which customers have provided their consent.
· As new data privacy regulations are being framed, there is a lack of understanding of new regulations. The problems of data privacy professionals and other stakeholders have been amplified, especially in those areas where these regulations are not clearly defined.
· Visibility is one of the major challenges faced by enterprises. As organizations move to cloud platforms, the problem is multiplied since data is distributed at such a large scale that finding the source of the breach is difficult.
· With a considerable number of regulations in place, it is difficult to decide what level of data privacy needs to be achieved for different data sets.
Effects of Non-Adherence to Data Privacy Regulations
Non-compliance with data privacy regulations can affect enterprises in the following ways.
· Non-compliance with data privacy regulations increases the risk of a data breach. The data of millions of customers can be jeopardized.
· The brand value of an enterprise can go for a toss, with devastating effects on its revenue line.
· The customer base is affected by an increase in customer mistrust, which will shift customers’ loyalty away from the enterprise.
Global internet traffic is increasing at a supersonic speed. The exchange of such a large amount of data across borders has increased the concerns of governments worldwide. Also, moving data between countries with different privacy regulations is a major challenge. As a result, many countries do not allow the cross-border transfer of data and have data localization requirements due to privacy concerns. Other countries have regulated the cross-border transfer of personal data. However, data privacy regulations should focus on enabling cross-border data flows because of the business benefits associated with them. Many businesses thrive on cross-border data flows, using technologies like artificial intelligence to reach customers globally. The personal data of the customers can be exchanged between various locations worldwide. E-commerce companies like Amazon and eBay operate on this business model. Enabling cross-border data flows will also boost the economic growth of the country.
Not adhering to data privacy regulations can have a tremendous impact on businesses. Thus, we recommend the following:
· Enterprises should look at implementing a ‘privacy first’ approach and automating privacy management systems.
· Enterprises need to build effective data protection solutions. iEDPS (Infosys Enterprise Data Privacy Suite), compliant with various regulations, can be proposed to enterprises looking to protect their data. With capabilities such as data obfuscation, synthetic data generation, differential privacy, and privacy impact assessment, it can prove beneficial for an organization.
· The privacy-by-design principle should be implemented by enterprises to develop proper privacy controls.
· Employees of an organization should be made aware of data privacy and various regulations across the globe. The impact of data breaches should be well-known to employees who process personal data.
Data privacy regulations are still evolving. They are expected to govern the personal data of most of the world’s population in the coming years. The data privacy regulatory environment will become more comprehensive. Today, makers of data privacy regulations take privacy seriously. A well-framed regulation will increase the trust of consumers and will boost business growth since consumers will be ready to share their personal data, which is the lifeblood of the global economy. Enterprises with an effective data privacy strategy that satisfies the requirements of data privacy regulation will eventually achieve business benefits.