For Data Privacy Day, let’s commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
This past May, you heard an awful lot about the GDPR, which is short for the EU’s General Data Protection Regulation. For one brief, shining moment, the GDPR was searched more often than Beyoncé! But now that Data Privacy Day (January 28) has rolled around, Google Trends assures me, Beyoncé is back to being about 15 times more interesting.
And with Cardi B, it’s 30 to one. That’s so 2018.
Inside organizations around the world, however, interest is still very much piqued. The GDPR has moved from a looming deadline to a hovering reality, and it’s not going away anytime soon.
This is a good thing for the people who’ve been hired to focus on compliance. Commensurate with the GDPR and all those subsequent emails, we have seen an explosion in the privacy profession, with the ranks here at the International Association of Privacy Professionals swelling to 47,000 members strong. Not only are they data protection officers, a role mandated for many companies by the GDPR, but they are privacy analysts, engineers, auditors, and so much more.
Many organizations have stood up teams to assure compliance with not only the GDPR but also the many privacy laws in the US that are popping up, including California’s CCPA (California Consumer Privacy Act) of 2018. In January 2020, you can expect a little period where CCPA beats out Jay-Z, who isn’t quite as popular as either his wife or Cardi, I’d wager.
These privacy laws, and those bubbling up around the globe as we speak, are no trifling matter.
Our annual research with EY tells us that just 44% of organizations considered themselves “fully compliant” with the GDPR when it went live in May, and of those companies, 20% admitted they’d basically never be fully compliant. And that’s despite the average organization hiring three full-time employees and demanding time from another 2.5 staffers, just to handle the GDPR. Then, add to this the $3 million in average spending to adjust products and services and buy legal services and technology.
In 2018, the Global 500 spent an estimated $2.75 billion on GDPR compliance.
What, then, will be the impact of a US federal privacy law that encompasses Internet firms and everyone else handling personal data?