Digital technology continues to advance in such areas as connected health, telemedicine, combination products, the internet, and other customer and employee engagement tools. Yet, while these advancements have proven to provide incredible commercial benefits, they also pose increasing privacy risks.
The European Union’s General Data Protection Regulation (GDPR), high-profile cybersecurity breaches, and newsworthy invasions of individual personal data rights have brought privacy to the forefront for both consumers and regulators. As a result, organizations must develop policies, procedures, and documentation demonstrating global compliance that can also be operationalized by employees — all the while continuing to move business forward. This is the new future of data privacy.
The GDPR established the new standard for data protection, including requirements that organizations lawfully process the personal data of individuals, whether they are employees, customers, vendors, or patients. One important consideration with GDPR is that it clearly outlines the fines and penalties for noncompliance, including 4% of the previous year’s annual turnover (gross sales) or 20 million euros, whichever is higher. The fines alone have raised the awareness levels of executives and boards of directors on a global scale.
Countries throughout the world — and even states within those countries — are proposing and passing new data protection laws that borrow from, modify, and in some cases add to the GDPR requirements on which they are unofficially based. The California Consumer Privacy Act of 2018 and proposed U.S. federal data protection standards are examples where these requirements are being extended to U.S. operations.
Following are key considerations for global organizations as they focus on managing the GDPR and other global privacy regulations: