The biggest news in data protection in the last several years was the GDPR changes in the European Union. Those privacy updates gave consumers the right to know what data a company collects. Furthermore, it aimed to hold companies more responsible for the data they collected.
However, GDPR was just the first wave of regulations to impact the way IT leaders approach data protection and privacy. There’s no question that privacy, compliance, and data management will be an increasingly important IT responsibility. So here are some trends and upcoming regulations and opportunities to keep in mind.
Privacy Has a Global Reach
There are a few things to understand about GDPR. These apply to other upcoming regulations as well. First of all, most privacy laws have a broad range of coverage. For example, GDPR applies to more than just EU firms. The laws protect citizens more than they regulate companies. That is to say, if an EU citizen uses an American service, that business will have to comply with GDPR. The goal is to protect the individual.
That’s why global technology companies like Facebook, Apple, and Google have to comply with GDPR. Their user base lives in the EU. If you operate a global business, know that you must abide by the rules in each country and region you do business in. Some laws contain cutoffs and qualifications, as we’ll see in California’s laws. However, GDPR and others will apply to any company that keeps data about customers on hand.
Expect Laws from the State and National Level
At first, GDPR may seem like this monolithic law. As such, it has set off a course of action that will begin to affect the United States. Already, at the state level, privacy laws are coming into effect. Like GDPR, the different state laws apply to businesses that serve anyone in that state. Consider a few examples.
One of the most stringent data laws is California’s CCPA. The biggest outcome of this law is that customers can file class-action lawsuits against any company who mishandles their data. Additionally, the state of California can charge the company a fee per person impacted. In Colorado, the law now reads that data destruction procedures, one of our services at Securis, must be documented.
The responsibility rests on the firm to ensure they have the right processes in place to protect consumers. Thus, state law requires that a firm comply and document its methods. Finally, Oregon tightened up the language about security audits and breach notifications in their state law. Each business must take on a proactive approach, especially in their communication with customers.
All of these are examples of what’s going on at the state level. What about at a national level? Until recently, data laws have not been a priority at the national level. In fact, aside from HIPPA laws in the health sector, there really isn’t a single, unified policy on data privacy in the United States. That may change, however, and more voices want a federally enforced privacy law. Keep an eye out for these discussions. Federal laws will have wide-sweeping effects.
Data Protection Will be a Requirement for Smaller Firms
Just as data laws are becoming more widespread, they’re also starting to affect smaller businesses. Take California’s CCPA law. CPPA requires a business to comply if they meet one of the three qualifications. First, the business earns over $25 million in revenue. Second, they possess the data of over 50,000 individuals. Third, they earn more than half their annual revenue by selling customer’s personal data.
Most small businesses wouldn’t match those requirements. Still, it doesn’t take a huge corporation to hit $25 million in revenue. In the future, these laws could apply to smaller companies. Begin preparing now to comply with the data privacy laws that affect your customers.
Privacy Compliance Has Its Benefits
Data regulations require firms to stay on their toes and comply with strict laws. However, that doesn’t mean there aren’t any advantages to protecting consumer data. Cisco, in their 2019 Data Privacy Benchmark Study, found some interesting results. When a company complies with data protection laws like GDPR or state-level regulations, they experience a shorter sales cycle. How so?
Well, it comes down to customer trust. When a company complied with data protection laws, the customer trusted them more. Those firms shrunk sales delays from 5.4 weeks to 3.4 weeks. Cisco also found that complying companies had fewer breaches and less system downtime. As it turns out, clients and customers care about their data. By having the right systems in place, you’ll save time, money, and headaches both in the sales cycle and in day-to-day operations.
Another study by Forrester and Evidon found that companies complying with data protection regulations expected several outcomes, including improved customer satisfaction, customer loyalty, brand perception, and deeper customer engagement. Don’t let fines motivate you, let customer-centric data protection be a highlight of your brand.
Securis Can Help You Comply
At Securis, we specialize in data destruction and IT recycling. This means cleaning up your IT equipment digitally and physically. Our goal is to protect your data by destroying it. Furthermore, e-waste, or outdated and thrown away computers, electronic devices, etc., fill up landfills and are potentially toxic to the environment.
We dispose of these in safe, compliant ways, saving you the headache of figuring it out on your own. We maintain federal and state standards on all our practices and help your business prepare for the incoming data privacy changes. Contact us for a free quote.