Privacy Legislation Goes Global (Slowly!) Are You Prepared?
Privacy Legislation Goes Global (Slowly!) Are You Prepared?
Source: https://www.dlapiperdataprotection.com/
In this article I talk about how and why Privacy Legislation is spreading around the world. And I provide some insights into how successful organisations are dealing with the new requirements, both culturally and technologically.
According to the UN, 107 countries (of which 66 were developing or transition economies) have put in place legislation to secure the protection of data and privacy. In this area, Asia and Africa show a similar level of adoption, with less than 40 per cent of countries having a law in place.
What is happening across the world?
Source: The state of data protection rules around the world A briefing FOR CONSUMER ORGANISATIONS https://www.consumersinternational.org/media/155133/gdpr-briefing.pdf
Concern about how much data is collected, loss of privacy, security risks and other consequences is growing. In 2016, 57% of consumers worldwide reported that they were more concerned about their online privacy than they were in 2014 . The GDPR is now the strongest data protection regime in the world, leading many to hope that it will set a ‘gold standard’ for other jurisdictions. The requirement on companies that process EU citizens’ data to abide by the regulation regardless of location, adds weight to this and could be used as leverage by citizens of other countries, particularly where company activity crosses borders.
That is the hope for the future – but what is the current status of data protection laws across the world?
Globally, there is an increasing growth in data protection laws, many of which have been modelled on comprehensive guidelines or regulation such as the EU Directive mentioned above, or the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data . According to UNCTAD data protection tracker, over 100 countries around the world now have data protection laws in place.
Moving forward to a coherent global position?
The sheer increase in data protection laws across the world is testament to data protection’s rising importance on the global agenda. In spite of this, there is still more that needs to be done. In an ideal world data protection would be harmonised across continents to ensure a more comprehensive and coherent global policy on the fundamental right to personal data protection, especially in the extraterritorial application of data. This would reduce the degree of flexibility with which countries can implement data protection requirements, and reduces confusion when data protection issues arise between countries. Some countries have already started to do this by aligning with robust data privacy frameworks like the OECD guidelines or GDPR, but these are not widespread. The only non-EU countries that have data protection laws considered adequate by the EU are Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US. Australia, New Zealand, Hong Kong, and Japan have modelled their data protection laws off the OECD Guidelines. So, while the GDPR may be held up as a new gold standard, it could be ambitious to assume that others will reach it any time soon, considering that many countries across the globe are yet to put data protection laws in place or finalise existing draft legislation.
Technology Can Help
Too many companies are still seeing Privacy Legislation compliance as a legislative and systems change. Systems such as Cassie enable compliance but the successful organisations have changed their Culture as well as their systems. The Cassie platform is currently used by 25 organisations around the world, totalling 165 million worldwide customer records with 2.4 billion preferences and making 2.5 million updates EVERY DAY! Yes Privacy Legislation will require new systems and processes to comply with the legislation. But that is far too simplistic and misses the MUCH BIGGER PICTURE.
Privacy Legislation Means Cultural Change
Privacy Legislation means the way you do business with your customers and prospects changes completely. It means more openness about what your business does with a person’s data. It means putting the consumer in control – they decide what you do with their data. No longer can you (the business) hide behind wishy-washy, tenuous legal speak, hidden away in the bowels of your T&C’s.
The public need to understand that Privacy Legislation is a positive change that has been introduced for the consumer’s benefit. The public is jaded by junk mail, nuisance calls and spamming. They want it to change and they will appreciate and value the brands that clearly give them choice and control. The recent Facebook/Cambridge Analytica debacle has raised consumer awareness even more. To quote the ICO “Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation”
Privacy Legislation – A Positive Vision
Consumers will appreciate and value the brands that clearly give them choice and control. If done well, those brands will then generate a higher level of engagement and loyalty from the customer/supporter/stakeholder base. By opting in, (or by not opting-out of Legitimate Interests!) a consumer is showing the highest level of interest in your cause, product or organisation. That is gold-dust! It is the best way to do a value segmentation of all consumers who touch your brand in some way – if they opt in, they are interested and you should focus your effort on them. So whilst Privacy Legislation will result in a smaller active customer/supporter/stakeholder base than pre-Privacy Legislation, the base will be of higher engagement and probably higher value than the current average. That means lower campaign and admin costs and higher responses. That equals improved ROI. And that is a good thing for all involved.
Change Your Culture As Well As Your Systems!
The best way of complying with Privacy Legislation is to adopt a holistic approach to the use of data across your organisation. From the Boardroom down, focus should be on your customers and how to best serve them – that means building Privacy and Consent into every aspect of your business. Remember - consumers will appreciate and value the brands that clearly give them choice and control. If done well, those brands will then generate a higher level of engagement and loyalty.
The following excerpt from Consumers International (The state of data protection rules around the world A briefing FOR CONSUMER ORGANISATIONS) refers to GDPR but is equally relevant to other Privacy Legislation around the world, including CAN-SPAM, CCPA, COBBA, TCPA, (plus the myriad of other US state laws), Australian Data Privacy Regulations, Japan’s APPI, and many more.
“Policy makers and regulators have recognised the lack of protection offered by the former Directive in this area and have updated GDPR to rectify it. For example, a key component of GDPR is the requirement for consent, which must be an active agreement by the data subject, rather than the current models offered through pre-ticked boxes or opt-outs. It also puts obligations on businesses to carry out Privacy Impact Assessments for certain data use cases. This will have the effect of enabling businesses to consider more holistically what the organisation is doing with the data it collects and the impact it could have on people’s privacy – giving them a chance to look across the piece at what they are collecting and why. Another key feature is privacy by design, which forces a company to design their data collection and processing methods in accordance with data protection law. In other words, they will need to ensure their data protection policies, structure and personnel are compliant.”
In summary
Change your culture and introduce technology such as Cassie to manage your new processes. By giving your customers choice and control over THEIR data (yes it is theirs, not yours!) you can gain a competitive advantage over those organisations who have not fully embraced the new Privacy era.
For more information please contact James Squires. Tel: 0330 043 1593 or email: james.squires@kudos-data.com