The General Data Protection Regulation (GDPR) heavily influenced how we addressed online privacy in 2018. While it primarily protects residents of the European Union, the GDPR’s global reach impacts any company conducting business with EU residents. This broad scope has shifted GDPR from a regional concern to a worldwide one.
Several industry leaders have shared their perspectives on GDPR’s significant effects:
Source: Sage. Wherrett.
Arlene Wherrett, VP and MD of Sage Asia, observed that GDPR was a major catalyst for change in business operations. Data security and customer privacy became top priorities, prompting companies to reassess their data management practices. Wherrett believes this presents an opportunity for businesses to streamline systems, creating a solid framework for a data-driven future.
Experian Asia Pacific’s CEO, Ben Elliott, emphasized the growing importance of consumer consent in data usage. He anticipates increased regulations focused on protecting consumer data, ensuring transparency and security in how businesses acquire and utilize this information. For Elliott, the challenge lies in maintaining robust data security while still providing positive consumer experiences.
Prioritizing Privacy in Design
Source: Micro Focus. McNulty.
Stephen McNulty, President of Asia Pacific and Japan at Micro Focus, highlighted the critical need for “privacy by design” in light of GDPR and recent data breaches. Organizations must fully understand their data collection procedures, including what’s collected, how it’s used, stored, and encrypted. Failure to do so risks significant damage to stakeholder trust. McNulty advocates for centralized and consistent data security management, freeing developers to innovate without constantly navigating policy concerns. He envisions a 2019 where businesses prioritize data-level security solutions, such as analytics and machine learning, integrating them seamlessly into their operations and consumer engagement strategies.
Source: Cloudera. Micallef.
McNulty argues that developers often lack the bandwidth to address every potential security risk. Therefore, data security and privacy safeguards should be inherent to systems from the outset, not incorporated as an afterthought.
Navigating Privacy in the Cloud
Mark Micallef, VP of Asia Pacific and Japan at Cloudera, points out the complex relationship between cloud computing and compliance with regulations like GDPR. While advantageous in many ways, the cloud introduces two primary challenges: an increased risk of data breaches and difficulty determining applicable privacy laws due to the ambiguity surrounding the physical storage location of cloud data.
Source: Symantec. Trilling.
With GDPR’s enforcement as of May 2018, organizations must prioritize the compliance of their cloud services. They also need to ensure that the systems and applications they develop don’t introduce unnecessary risks. It’s important to note that GDPR’s impact extends beyond Europe, affecting any organization handling personal data of European citizens.
Micallef observes that even organizations not directly subject to GDPR are using it as a foundation for their data privacy and protection policies. This occurs in conjunction with compliance efforts for their respective national regulations, such as Singapore’s Personal Data Protection Act or Australia’s Privacy Act 1998.
The potential for GDPR to become a globally recognized standard is a topic of discussion. For this to happen, its current form must demonstrate its effectiveness. Once its practicality is proven, the likelihood of influencing international practices significantly increases.
Anticipating Further Privacy Regulations
Source: Symantec. Thompson.
Hugh Thompson, Symantec’s CTO, and Steve Trilling, Senior VP and GM of Security Analytics and Research at Symantec, believe that GDPR’s implementation is likely a catalyst for more security and privacy initiatives worldwide. They cite the 72-hour breach notification requirement adopted by Australia and Singapore, inspired by GDPR, and India’s consideration of similar legislation. Numerous countries are either recognized as having adequate data protection standards or are in the process of negotiating such recognition with the EU.
While an increase in legislative and regulatory actions focused on security and privacy is expected, Thompson and Trilling caution against overly broad regulations. For example, overly restrictive rules might hinder security companies from sharing crucial information needed to identify and address attacks. In their view, poorly designed regulations risk creating new vulnerabilities even as they attempt to mitigate existing ones.
Source: Experian. Elliott.
Laurence Pitt, Global Security Strategy Director at Juniper Networks, and Mounir Hahad, Head of Juniper Threat Labs, predict that 2019 will be defined by the global implications of GDPR. They anticipate that large non-European companies will grapple with GDPR’s practical consequences as it continues to be enforced. Furthermore, privacy remains a key area of focus for the global market. New regulations, such as e-privacy, are being developed, and other regions, including the US, are considering their own data privacy legislation. These developments have the potential to significantly impact businesses on a global scale.
Source: Juniper Networks. Pitt.
Arlene Wherrett observes that 2018 brought about other legislative changes impacting businesses, adding to the responsibilities of CFOs and accounting departments. For instance, new tax laws such as the Sales and Services Tax (SST) in Malaysia and the revised Goods and Services Tax (GST) in India present significant challenges for companies operating in those markets. CFOs and accounting professionals face the task of reassessing financial projections and implementing new practices to accommodate these regulatory shifts. Wherrett points out that many finance professionals must manage these regulatory changes while simultaneously adapting to evolving roles within their organizations as they undergo digital transformation.