Five ways for businesses to strengthen privacy, bolster compliance and reduce risk

In the US, four new state laws have been introduced, while California, well known for its stringent approach to privacy, is enhancing existing requirements. Numerous other states have either passed or proposed their privacy legislation. 

In Europe, the EU-US Data Privacy Framework signifies a crucial step in transatlantic data protection. And negotiations are ongoing for global agreements, such as those between the EU and a post-Brexit United Kingdom, adding to the complexity of the international privacy landscape.

Despite this rapid evolution, studies show that only around 50% of executives consider themselves “very prepared” to meet tightening data privacy compliance standards.

Below, we reveal five trends that are allowing organisations to strengthen data privacy programmes and improve approaches to compliance.

1. Data localisation: Navigating the cross-border regulatory maze

In a world without digital boundaries, controlling where data resides might seem paradoxical. But emerging privacy laws mean data localisation has become a pivotal concern for businesses operating across multiple countries.

The uneven regulatory landscape calls for a strategic approach in the design and acquisition of cloud services. Consequently, data localisation planning has become a top priority in ensuring compliance and data security regardless of geographic locations.

“One of the most significant challenges companies face today is navigating the complex framework of different laws and compliance requirements,” says Rishi Maharaj, Founder and Executive Director at Privicy Advisory Services.

“Developing countries seek to align their laws with those of established Western democracies (Europe, US, Asia) through trade agreements that involve reciprocity. For these countries, implementing data protection laws becomes essential to foster economic growth and trade with the rest of the world,” he adds.

2. Privacy-enhancing technologies (PETs): innovations in data security

The rise of untrusted environments like public clouds and the complexity of analytics engines have driven more businesses to adopt privacy-enhancing technologies. 

Unlike conventional security controls, PETs protect data in use, enabling organisations to process and analyse data that were previously off-limits due to privacy concerns.

By 2025, it is predicted that 60% of large organisations will integrate at least one PET in their analytics, business intelligence, or cloud computing strategies, ushering in a new era of secure data processing.

“We have to carefully weigh the perks and drawbacks before implementing any type of technology. It is also important to take into consideration your organisation’s risk appetite, profile and budget,” says Tainá Baylão, Senior Specialist Data Protection at Infineon Technologies.

“Some PETs might be welcomed for more regulated sectors, more subject to using sensitive data, while for companies that mostly process names and emails only, those might not be worth the investment. It should always be a case-by-case analysis,” she adds. 

3. AI governance: navigating the ethical landscape

Artificial Intelligence (AI) is permeating so many facets of business operations; it is almost indispensable these days, especially considering the privacy risks associated with AI-based modules. 

Organisations must establish robust oversight mechanisms to assess the impact on privacy, ensuring that AI systems do not compromise sensitive data. Failure to do so might result in toxic data ingestion, leading to costly system replacements in the future.

“It may be a cliché, but I think the benefits of AI will only outweigh its risks if it emerges through evolution rather than revolution. We need to understand the technology, including its limitations, as it develops,” says Caro Robson, Director of Regulatory Strategy at Jersey Office of the Information Commissioner.

“This is a particular risk with AI, because the tools being released often use models that were built long before the business or individual user adopts them, and as such the user has had no input in their development. But if we can manage these risks, I think many AI-based tools have the potential to take on high-volume, low-risk tasks that might otherwise take up a huge amount of DP and security professionals’ time or be missed by them altogether,” she adds.

4. Centralised privacy UX: streamlining user experience

Consumers today demand transparency and control over their data. To meet these expectations, businesses are adopting a centralised privacy user experience (UX). 

By consolidating notices, consent management, and subject rights requests into a self-service portal, organisations enhance convenience for customers and employees alike. 

This approach not only saves time and costs but also fosters a sense of trust and empowerment among users. By the end of 2023, 30% of consumer-facing organisations are expected to provide self-service transparency portals, emphasising the growing importance of user-centric privacy practices.

5. Remote becomes “hybrid everything”: balancing productivity and privacy

The advent of hybrid work models has revolutionised the way businesses operate, but it has also increased the organisational attack surface. With the expansion of connected devices, privacy risks have surged.

Organisations must adopt a human-centric approach to privacy, ensuring that end points are locked down, and data monitoring is minimal and purpose-driven.

By leveraging data to enhance employee experiences, mitigate burnout risks, and remove unnecessary friction, businesses can strike a delicate balance between productivity and privacy, fostering healthier work environments.

“Businesses need to consider both the technical and human elements. While technical security controls are essential for businesses, a key risk mitigating strategy is awareness raising and training for everyone with access to the business systems,” Tina Forrester, Data Protection Officer at Liverpool John Moores University.

These trends underscore just how fast our data privacy landscape is evolving. But by acting now and embracing these transformations, organisations can not only comply with regulations but also build a foundation of trust with their stakeholders. 

As businesses navigate the intricate web of digital interactions, prioritising privacy has become not just a compliance necessity but a cornerstone of ethical and responsible practices in the digital age.