Understanding the Impact of New Privacy Laws on Your Business
Managing Data and Consumer Rights
In addition to implementation planning, extending new rights to users may also require revisions to current controls and processes. Emily Leach, Privacy Director at Blueprint, said, “Virginia’s new law came into effect Jan. 1 alongside the CPRA amendments, with each bringing new consumer rights to restrict the way businesses handle user information.” Leach notes that clients will need to put processes in place to manage opting out of sharing data and targeted advertising and ensure they have their data classifications around sensitive information properly constructed. She added, “Leveraging the systems in place for the first iteration of CCPA and GDPR have been helpful, but there is still work to be done.”
Data Governance and Navigating Compliance Requirements
Kevin Donahue, Director of Privacy Engineering at Blueprint, says and leveraging technology is a critical step in navigating the compliance process. “Clients continue to evaluate how they can better integrate technology and automation with existing and new processes ensures privacy and data governance are being done well,” Donahue said. “Beyond legal compliance, companies that champion privacy and data governance as core values integral to meeting user and customer expectations are increasingly looking to Blueprint to design those programs,” he said, adding, this includes identifying risks, defining success, developing project plans, and working with stakeholders to integrate these new programs into day-to-day work with minimal churn. He added, “We have also seen an increase in clients seeking assistance with identifying meaningful metrics on these programs to better inform what’s working and adding value.”
Investing in Privacy Architecture and Scalable Solutions
While the potential impact of new data privacy laws are getting a lot of attention, Blueprint Strategic Consultant Aaron Weller has also noticed a big-picture change: Investing in privacy architecture is now a business imperative. He said, “A major focus that I’m seeing is the need for companies to prioritize scalable solutions that can be deployed across global organizations and to millions of devices and users.” He added, “Privacy impact assessments all too often look at a specific use of data, resulting in reinvention of the wheel and disparate solutions that fail to scale. Privacy architecture provides a set of tools that can be applied to existing and proposed use cases in a standardized manner to speed innovation and reduce friction.”
A Proactive Approach to Data Governance and Scalability
Assessing, reviewing, and iterating your company’s privacy program against new legislation is likely already high on your priority list for this year. After all, requirements will only become more complicated as new laws take effect. Additionally, being proactive with privacy and data governance and deploying solutions built to scale with these inevitable changes is the best way to future-proof your privacy program.
