Senior Director, FTI Consulting
In the wake of a year of pivotal change and extreme reliance on the internet and e-commerce, it is hardly surprising that regulatory activity is increasing on a global scale. New technologies have helped expand and globalise markets, making products developed and marketed in one corner of the world available for purchase and delivery across virtually any border. But playing in many leagues means playing by many rules. And these rules tend to change often. When building products and providing services in a particular geographical location, organisations must know what rules to follow and be prepared to respond when regulators come asking about their practices.
Privacy rules and guidelines are developing worldwide, and many organisations have felt the challenge of adapting to these changes. The IAPP Privacy Risk study of 2020 found that “even industries structured for regulatory compliance, such as the financial services and health/pharma industry sectors, see privacy law compliance as at least a short-term business risk due to the global variance in privacy laws.” Big tech also experienced significant changes with the Digital Services Act and the Digital Markets Act, brought forward in the EU to create a safer and more open digital market.
Navigating the changing regulatory landscape and achieving a mature level of compliance in each region where an organisation operates will require consideration of several factors, including:
Privacy operations. When privacy legislation or practices change in a jurisdiction where your organisation operates, you want to be the first to know, and you want to take action as soon as possible. This is easier for compliance professionals when their privacy programme is supported by privacy management software through which templates can be built, progress can be tracked, and information is preserved, giving a holistic view of risks.
According to the recently published IAPP-FTI Consulting Privacy Governance Report 2020, between 96% and 98% of privacy teams’ top responsibilities are “Privacy policies, procedures and governance,” “Following legislative developments around privacy and data protection” and “Addressing privacy issues with existing products and services.” However, only 68% of respondents see “Acquiring and/or using privacy-enhancing software” as their responsibility. When compliance is built with standalone, static documents, changes and updates become cumbersome and difficult to implement. Technology can support mapping exercises with visual aids and connecting data points and sources with compliance activities such as access requests and data protection impact assessments (DPIAs).
Organisations that operate globally are subject to the ever-changing and continually developing regulatory landscape, which is challenging to comply with without a robust privacy and information governance backbone. Using aids such as privacy management technology to stay on top of processing activities and legal requirements will facilitate compliance teams’ work and serve as the go-to resource for updates, queries, and research on regulatory changes.
The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.