We explore the top trends in the data privacy sector as technology moves forward into 2022, with expert insights from Exterro, a discovery, forensic investigation, privacy and breach response software company.
Data privacy has always been a controversial subject, regularly hitting newspaper headlines when companies fail at data protection or collect data without consent. Staying in control of it is more important than ever, as no business wants to gain a reputation for being untrustworthy with personal information.
1. New data privacy regulations
Officials are demanding more from businesses, setting strict guidelines as countries around the world introduce or strengthen their data management, policies, and privacy schemes. Following new regulations is of the utmost importance for businesses, with those that fail facing litigation.
The updates relating to the EU General Data Protection Regulation (GDPR) are worth mentioning: during the summer of 2021, the European Commission released new Standard Contractual Clauses (SCCs). These concentrate on the transfer of personal data from the EU to third countries, such as the United States.
New laws and amendments will become operational during 2022, meaning the time left to meet the requirements is swiftly running out. Businesses should prepare a plan to assess the applicability of privacy laws and regulations, along with a schedule for the company adjustments needed to comply.
2. More use of GRC software
Governance, risk, and compliance (GRC) software has become a must-have for any business. It helps companies manage all of the necessary documentation, while also preventing vulnerabilities that could impact the company. Being prepared should be a top priority for any company, as failing in this area could affect your systems, resources, and stakeholders.
“While most organizations are familiar with GRC in the context of departments such as HR, IT and finance, we are now seeing a growth in demand for Legal GRC, with legal leaders in particular, being faced with much of the orchestration and complex interconnections of legal operations, digital forensics, data privacy and cybersecurity compliance,” says Simon Whitburn, GM & VP International, Exterro.
This can be achieved with new AI-driven GRC management programs, whose automated response is fast enough to shorten the time a business is exposed to risk. “Having a quicker, more robust and effective post-breach response process has now become necessary in order to comply with the various global data protection regulations, like the GDPR in Europe. Having the right technology in place can help to proactively identify risks prior to incident and categorize into different levels of consideration for review and action. Automation will also ensure breach management keeps pace with any regulatory changes, such as those we saw to GDPR in the form of a new Data Protection Act post-Brexit,” adds Whitburn.
3. Third-party risk management
Third-party risk management (TPRM) is a form of security that focuses on identifying and reducing the risks that arise from using the services of third parties, such as contractors or stock suppliers. With the threat of ransomware on the rise, due diligence must be done before opening your company up to a third-party vendor.
Risks are not always identified in time, though. In fact, it was reported in 2019 that 83% of executives said third-party risks were identified after completing the initial onboarding. These failures to identify threats in advance resulted in some notable breaches during 2021, the most recent of which was the December ransomware attack on SPAR, in which the hackers gained access to the company’s system via a third-party security weakness.
Exterro reports that, worldwide, 59% of respondents confirm that their organizations experienced a data breach caused by one of their third parties, and 42% of respondents say they had such a data breach in the past 12 months. Additionally, 22% of respondents don’t know if they had a third-party data breach in the past 12 months.
4. Schrems II continues to be a concern
In July 2020, the Court of Justice of the European Union (CJEU) ruled on the European Commission’s Privacy Shield Decision, declaring it invalid on account of invasive US surveillance programmes. As a result, EU companies can no longer legally transfer data to the US. A business that continues to transfer data risks a penalty of €20 million or, in some cases, 4% of its global turnover. For advice on how to deal with data protection in the wake of Schrems II, Exterro have a whitepaper available for download.
5. More transparency of data privacy
Due to the media coverage of data privacy failures, the public are now more aware than ever before of privacy laws. There is much less trust when it comes to social media and tech companies collecting data. Companies now need to concentrate much more on being transparent and earning that trust back.
Keeping these trends in mind and taking action on data protection regulations will ensure that businesses are not punished. Protection from outside threats is a serious aspect of this: threats can be prevented, and in the case of a breach businesses need response software they can rely on to securely protect any sensitive data.
If you would like to learn more about the future of privacy in the corporate world, Exterro is holding a webinar on the subject, for which you can register. Stuart Davidson, Senior Director of International Marketing at Exterro, will be joined by a special guest to discuss the challenges privacy professionals face, the rapid evolution of privacy and of the role of the privacy professional, and the way in which data protection and privacy leaders require new strategies and technologies to overcome these problems: solutions that are defensible, scalable and will future-proof the success of the organisation they serve.