The General Data Protection Regulation (GDPR) introduced the business community to a whole new world. An era where privacy and transparency are the foundation for building a brand, customer trust, and reputation in the digital economy.
When GDPR took effect on May 28, 2018, it was an emergency flare for companies to get their data hygiene up to new, stringent EU standards. Companies around the world scrambled to clean up their data policies and practices. Yet, over a year later, nearly 38 percent of global organizations still are not compliant with GDPR requirements.
Now, the California Consumer Protection Act (CCPA) is coming quickly down the legislative pipeline. On January 1, 2020, the CCPA is set to take effect, being touted as the strictest data privacy law in the U.S. Once again, companies are caught unprepared: according to an economic impact assessment, the CCPA could cost companies up to $55 billion in initial compliance costs.
Both CCPA and GDPR represent sweeping changes in the privacy landscape. As the digital economy has skyrocketed, the amount of data collected and stored on the Internet has followed. And in the absence of data privacy and protection rules, companies were, and still are, exploiting the advertising and marketing power amassed from the sheer power of information on the Internet.
But with CCPA and GDPR, the dog days of data are over. Facebook took the U.S government and users down a deep rabbit hole, where a “social network” has the power to unduly influence a U.S. Presidential election. When people emerged on the other side, the importance of data protection, regulation, and privacy came into sharp focus. And these sweeping changes have a purpose: shifting the balance of power to give people control back over their personal data, how it is shared, and how it is monetized.
Data is a Piece of Your Digital Identity Puzzle
The unprecedented amount of data that is collected and stored on the Internet is all a piece of your identity. It might be your address, your job title, your email address, your credit card number, or your social security number. It also extends to softer information, like behavior data, location behavior, or health information.
These are all pieces of a giant puzzle that composes your digital identity, often referred to as an identity graph. Fitting all these disparate pieces of information together is what enables information on the Internet to become a nearly omniscient understanding of who you are, your behaviors, and how to manipulate and market to you.
What Privacy Legislation Means for Compliance
While the current situation seems grim, there is a silver lining. GDPR has paved the road for expectations around data privacy, and with huge fines and settlements, it has driven awareness and created an expectation that data privacy needs to be taken seriously. While it requires higher standards for data stewardship from nearly every company, this era is an opportunity for companies to emerge as data stewards, setting trends and making waves in the digital transformation. The future will be built on companies that are willing to balance privacy and security without sacrificing user experience.
GDPR is in place. CCPA is coming. And as of writing this, at least 25 U.S. states are developing data privacy legislation. You can keep track of privacy legislation on CIO Dive’s privacy tracker. Long story short, higher data standards are here to stay.
It’s up to companies to learn to navigate these changes and make privacy legislation work for them, and we’re here to help you learn what you need to KNOW.
CCPA and Compliance at KNOW Identity 2020
All these changes have put a lot of responsibility on the compliance function. According to Compliance Week’s ‘Inside the Mind of the CCO,” the top concerns of Chief Compliance Officers (CCOs) are a lack of support/resources, keeping up with regulatory policies, and data privacy/ cybersecurity. As the landscape changes, privacy by design, consent, right to access, and the right to be forgotten will only become more critical to the compliance function that extends to employees, products, and users.
KNOW Identity is a place for compliance professionals, from the C-suite to product managers, to learn about how to manage risk, protect data, and understand the impact of new regulations in this new, regulatory environment. Here’s a preview of top questions that we’ll be answering at KNOW 2020:
How is alternative data shaping this new landscape, what does it take to build a world-class trust & safety team, and are regulators poised to step into the vacuum?
With the absence of federal legislation and CCPA as the newly minted data protection standards for states, how should my company change or improve our approach to compliance?
What does GDPR mean for identity technology and how will it impact interoperability efforts?
While privacy-strategy can no longer be siloed into one function or one business unit, complying with privacy regulations and understanding how privacy impacts business falls heavily in the court of compliance professionals.
KNOW Identity is a place to help CCOs, compliance product leaders, and executives to hear from industry experts and learn leading -practices for navigating this rocky road. KNOW is also a conference where compliance and privacy are more than just a legal or regulatory issue, but privacy-forward policies are a way to elevate your company’s brand and distinguish your company as a leader in the digital economy. It’s an environment that’s built for proactive, progressive conversations that can help you create real change throughout compliance programs.
Take advantage of the final weeks of Early Bird Registration and get in the KNOW!