This article is a reprint of a blog that originally appeared on the EDRM website.
The world of privacy is constantly changing. New legislation is passed and new regulations come into effect on a regular basis. Data protection authorities update their guidance, new threats and threat actors emerge, and new technology is developed even more frequently. With so much happening, it's understandable for privacy experts to sometimes feel like their head is spinning.
But there's not really time for that. If you're working in a privacy department at a large organization--whether in the private or public sector--it's table stakes to keep up with what's happening. But to do your job well, or at least to make sure you have a moment to breathe, it would be good to anticipate what's coming down the pipeline and prepare for it. After all, it's everyone's goal to move away from reactive compliance and threat response to a more proactive one. To help in that regard, Exterro recently hosted a series of webinars titled The Future of Privacy, assembling regional privacy experts and technologists to discuss the complex regulatory framework international enterprises must reckon with today.
We've talked on this blog a bit about some best practices for keeping up with international privacy regulations, but a substantial portion of the webcasts focused on discussing the future of international privacy regulations. We asked several experts about what trends they saw coming next and how organizations could prepare for them--and this article will focus on three highlights from those conversations.
International Privacy Prediction #1
The trend toward viewing personal data as belonging to its subjects will only continue. Clearly articulated by GDPR, more and more international privacy legislation--as well as state-level legislation in the United States--will be based on this concept. Organizations will do well to adopt this underlying principle, as many regulatory requirements emanate from this concept: consent, the right to access data, and the right to request deletion all flow logically from this position.
Expert Recommendation from Xavier Alabart, Founder and Principal Consultant, The Privacy Aces, GmbH
"Have people, processes, and technology in place to address the fundamental aspects
of privacy like informed consent and data subject access requests."
International Privacy Prediction #2
Privacy laws today have not reached their final evolution; they are on a path of harmonization toward widely accepted best practices. Both within regions and across regions, laws will continue to converge toward regimes that are considered practical, respectful of individuals' rights, and comprehensible. Where possible, adopting underlying best practices in advance of regulatory change will afford businesses the certainty they crave.
Expert Insight from Ben Crew, Senior Director, FTI Consulting
"The laws as they exist today are not the end of the road. Prepare for the strong regulatory regimes as laws will tend to converge toward 'gold standard' regulations."
International Privacy Prediction #3
The threat landscape will continue to diversify and grow. Bad actors have proliferated across regions and inside and outside of organizations. A few years ago, most people would assume that data must be exfiltrated to be compromised; recent years' increase in ransomware attacks has proven that assumption wrong. As data types, use cases, and sources continue to multiply, hackers will continue to identify new ways to exploit the technology for profit.
Expert Recommendation from Tim de Sousa, Senior Directory, Technology, FTI Consulting
"As organizations gather more data, and create more value from the data they have, threat actors will seek to exploit it. Prepare response plans and train for incidents, because they will happen eventually."
Download the infographic The International Privacy Landscape of Tomorrow for more expert opinions.
By Tim Rollins