Best practices to prepare for new U.S. data protection regulations


Data privacy protection was taken to a whole new level when the General Data Protection Regulation (GDPR) was implemented by European lawmakers in May 2018. Under GDPR, vendors are required to be fully transparent with customer data belonging to European residents and comply with stringent data management requirements. It gives businesses a legal incentive to properly manage and protect customer data and gives customers the opportunity to opt out at any point.

While businesses scrambled to meet these compliance requirements, their customers welcomed the added security of their data. Not surprisingly, other governments took notice of GDPR’s success.

Not long after GDPR went into effect, a group of California legislators voted unanimously to pass the California Consumer Privacy Act (CCPA), a law inspired by GDPR to ensure that residents’ data is well protected. It can be expected that government bodies around the globe may begin to pass similar laws that protect their constituents’ data.

Although GDPR only applies to European consumers, global businesses with European customers are responsible for ensuring their privacy practices are compliant with GDPR. The same will be true for businesses under the CCPA; any customer that resides in California will be protected under the act regardless of the location of the business they are purchasing from.

Data protection is universal

Most businesses in the US already ran a rigorous gamut to meet compliance requirements for GDPR. In theory, complying with new US regulations should be a simple matter with a few nuances added here and there.

But in today’s data-driven economy, businesses must not only understand how they should be compliant, they should also understand their customers’ concerns about data privacy and what they are looking for in a data privacy agreement.

A recent study from Veritas found that over 60 percent of consumers would stop buying from a business that fails to protect their data. Additionally, 48 percent of respondents said they would switch loyalties and begin purchasing from a competitor while 81 percent would encourage friends and family members to boycott the company.

Compliance starts with the data

Compliance for its own sake isn’t enough. To achieve true compliance, everyone involved in data management must understand its importance. Organizations must strike the perfect balance between the right technology and employee training. There are a few things to consider as businesses prepare to comply with the expected onslaught of data privacy regulations:

Recognizing the value of data to businesses and consumers

Data is a driving factor for business success and should be treated as such. With the amount of data businesses are capable of capturing, they can adjust strategies and plans based on insights and analytics from the data to become more successful. The insights businesses can pull from this data are so rich they can actually be predictive of trends and give businesses the opportunity to forecast.

In addition, the scope of data breaches is astronomical. For example, just this year Timehop was hacked, putting the personal data of 21 million of its users at risk. Customers are speaking out and demanding that businesses that collect, process and manage data protect it at all costs, or there will be a price to pay.

Educating employees on the value of compliance

Employees should understand that compliance is mandatory, especially when misuse of data can lead to legal action. Beyond the obvious reasons, proper data protection can actually support business growth while failure to comply can hurt a business’ reputation and sales. Nearly half (48 percent) of survey respondents would abandon their loyalty to a particular brand and consider turning to a competitor if they found out their data was not protected. Respondents also said they would encourage boycotts of the business or even report the business to regulators.

Evolve data management practices to comply with new standards

Whenever a new personal information regulation is passed, businesses must prioritize necessary changes to information management. This will require extensive knowledge about the type of data and where it is stored, how the data is to be handled and knowledge of the associated data protection policies and procedures for data regulations.

Bridging the gap between data value and compliance is critical as businesses work to meet regulation compliance for GDPR, CCPA and any other laws that may appear down the line. As businesses continue to innovate and harness the power of their data, they should not lose sight of the repercussions they might incur if they are not protecting it to the best of their ability.

With government bodies taking a stake in consumer data protection, more eyes will be on data practices than ever before. Businesses will be more successful when they take action to build policies to manage data and implement tools that empower them to stay compliant.
