Over the last year data security has become an even more critical business focus. According to Forensics Research, the Global GDPR Services Market is expected to reach $3.3 billion by 2025. After the implementation of the GDPR, other global jurisdictions are following suit and using it to build their own legislation.

Our CEO, Dyann Heward-Mills takes a look at what’s next for data security in 2020, and which measures should be top priority.

Globalization of privacy

California rang in the new year with the implementation of the California Consumer Privacy Act (CCPA). We expect other jurisdictions to follow suit with either new regulations coming into play or current laws receiving a makeover. To name a few, across the states, we expect to see proposed privacy laws in Arizona, Florida, Illinois, Utah, and Wisconsin.

In February, we will see the European Commission release its Data Strategy, which aims to create a single data market across all industries in the European Union. Big tech firms across the globe will need to align operations with the new strategic framework.

Similar to the GDPR in the EU, other international jurisdictions are implementing their own data regulations. Earlier this year we expanded to Switzerland, focusing on managing and implementing privacy operations at local, global and cross functional levels. In spring this year, Switzerland should be announcing revisions to its current regulations. Other notable regions to see new evolutions to legislation will be Brazil, India, Singapore, and Kenya.

Employment rights

With a significant volume of employees submitting data subject access requests (DSARs), there will be a need to upskill compliance and audit teams to help ease the workload.

Looking more broadly, countries will need to adapt to the changing gig and sharing economy. We can look to Uber as an example of a global company that has had to adapt in various jurisdictions to remain compliant.

New industry spotlights

Data regulation is moving from a broad-spectrum approach to now focussing on specific industries, ensuring appropriate regulations are being installed. The fintech and health-tech industries will be high priority industries for data regulators.

Across all sectors, we’ll see stronger enforcement in relation to cookies, real-time bidding, and similar technologies in the adtech space.

Great expectations

Various data protection authorities have paved way with clarity and improved guidance this year. Between, compliance, IT, risk and audit teams, data protection issues are high on the agenda. Furthermore, the need for data protection officers (DPO) has become better understood at every level of business.

We’ll also likely see an increased level of transparency and expectations around Privacy Notices, Data Protection Impact Assessments, and Legitimate Interest Assessments. We may also see an increased demand for Codes of Conduct and privacy standards such as Binding Corporate Rules (BCR).

Ethical data handling and the future of a DPO

We’re witnessing a new wave of transparency and ethical expectations when it comes to data privacy and security. DPOs will be even more involved in key business decisions as pressures rise from internal and external stakeholders.

Over the last 12 months, we have found more organizations are recognising the value of an external opinion on data handling. There will be a growing appreciation for third parties, like HewardMills that hold organizations accountable in the coming months and beyond. We’re able to offer valuable insights into governance and operations, while staying independent.