Research Hub > How Privacy Regulations Bring Business Change

November 05, 2020

3 min

How Privacy Regulations Bring Business Change

These steps can help your organization better protect customer data.

Today’s privacy environment is far different from the landscape that businesses faced only a few years ago. Consumers now understand the value of their data to organizations and want to control the flow of that information to third parties. Regulators around the world are beginning to step in and tame what was, until recently, a Wild West environment by implementing rules that require businesses to abide by consumers’ privacy wishes. This rapidly changing landscape requires a thoughtful approach by business leaders, technology professionals and their legal teams.

To learn how CDW can help you handle regulatory obstacles, read our white paper “Overcome Your Compliance Challenges.”

This movement began in the European Union, which in 2018 replaced its existing privacy rules with the General Data Protection Regulation. This sweeping privacy law provided broad worldwide protection for the personal information of EU residents. GDPR’s reach spread well beyond the European continent, as almost every large American company has some business presence in Europe. Organizations scrambled to understand the impact of these new regulations and update their European-facing websites to comply with the new standards.

In July 2020, privacy regulations hit closer to home when enforcement of the California Consumer Privacy Act began. CCPA provides GDPR-style protections to residents of California. Due to the difficulty of segregating information about California residents, most companies are choosing to apply CCPA standards to all of their customer information. In fact, many privacy experts suspect that other states will soon follow California’s example and pass their own consumer privacy legislation.

Here are a few things that you can do to make sure that your organization is ready for these new regulations and whatever is next on the privacy horizon.

Create Transparent Data Practices

The underlying assumption behind all privacy regulation is that organizations collecting data should do so with the clear knowledge and consent of data subjects and an understanding that data should be used only for previously disclosed purposes.

Allow Consumers to Opt Out

Consent may be given, and consent may be taken away. Consumers should always be able to opt out of data collection and sharing, and organizations must have mechanisms in place to track and honor that request.

Provide for the Right to Be Forgotten

Many privacy regulations now allow consumers to request, in some circumstances, that companies delete all of their stored personal information. This can be a complex technical undertaking, and organizations should prepare to fulfill these requests across their systems.

Understand Your Data

You can’t protect data if you don’t know what you have and where it is located. You also will not be able to implement the right to be forgotten if you don’t have a solid idea of where all customer data is stored. Building a comprehensive data inventory is a prerequisite for many security and privacy controls.

The bottom line is that organizations need to assess their own uses of customer information and their dependence on data sharing practices. New limits on these practices are on the horizon, which will disrupt many businesses. Now is the time to think about changing how your organization handles data and achieves compliance with privacy regulations.