“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is by Patrick Salyer, CEO at Gigya.
If we’ve learned anything about progress, it’s that regulation rides hot on the heels of innovation.
With the birth of the airline industry, for example, came a complex set of regulations for safety and efficiency. The same is true with broadcast television, cable and broadband internet.
Now, big data and the digital world are ripe for regulation – specifically, privacy compliance in the international digital enterprise. More than ever, managing consumer privacy is – or should be – the top priority for executives.
Three major drivers are forcing a shift in how organizations approach their privacy compliance strategies in 2017: data residency and security, business enablement and emerging data protection standards.
Regional and national data laws, including those that define where consumer data must be stored and processed, vary widely. The risk of noncompliance is great for businesses that serve international customer bases.
Nevertheless, these businesses are unlikely to give up international audience segments because of their business value. Organizations must be vigilant in their management of multinational consumer data, adopt data localization policies and pay strict attention to regional compliance laws.
Digital innovation is driving business, and privacy compliance is an essential element in almost every technology in an organization’s solutions stack. As executives embrace new technology, they face new challenges for securing their customers’ personal data as it is tapped by a growing list of applications and services. Leaders across the entire enterprise must think outside of the box to meet the needs of a range of business units, while also keeping their organizations in compliance with international data protection and privacy regulations.
Emerging Data Protection Standards
The European Union’s General Data Protection Regulation (GDPR) is all set to go live in May 2018, sending many executives of international digital enterprises scrambling to ensure that their data management strategies fall in line.
Developed and put forth by EU regulators in April 2016, the law outlines stringent requirements for the handling of data, organizational structure, system maintenance and communications between data processors and consumers as well as between businesses and regulatory officials. The aim is to increase transparency about how consumer data is collected and used. The penalties for noncompliance with GDPR are brutal: Fines can reach $20 million or 4% of annual turnover, whichever is greater, depending on the violation. This alone can light a fire under international digital enterprise executives to make privacy compliance management a priority.
While the EU’s GDPR has garnered the spotlight for regulatory mandates, the United States has its own up-and-comers in privacy and data protection and enforcement: the Federal Communications Commission, the United States Securities and Exchange Commission and the Consumer Financial Protection Bureau among them. And with the Federal Trade Commission’s recent $100 million action against LifeLock, there’s no doubt significant shifts in the US regulatory landscape are on the horizon.
Of course, a byproduct of data protection and privacy compliance is that it sparks positive feelings between the organization and its customers — always a good thing when trying to attract and keep customers and establish trust.
Perhaps Forrester put it best in a recent report on consumer privacy when it said that “enlightened” organizations will recognize privacy as a way to build customer relationships, while “short-sighted firms will make the mistake of thinking that privacy is only about meeting compliance and regulatory requirements at the lowest possible cost.”