Data Governance Standards in the Era of PIPA and GDPR

The Dubai government recently announced that they were the first in the world to achieve 100 percent digitized governance. They transitioned nearly 45 government entities in a five-phase strategy, providing 1800 services to citizens. According to UAE Crown Prince Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, this effort will result in $350 million in savings and the reduction of more than 14 million person-hours. [1]

Governments are increasingly embracing technology to reduce complexities and ensure citizen convenience, so Dubai's move toward paperless governance is not surprising. However, as the world rushes to abandon the analog medium, there are growing concerns about data privacy and the application of ethical considerations. Let’s take a look at how PIPA and GDPR are pushing the standards of Data Governance.?

How GDPR is reshaping data privacy laws across the globe

Any enterprise that wants to set goals for the future needs to look at the defining trends to see how the culture is changing. Upon its enactment, the GDPR was a far-reaching data privacy law. It signaled an unprecedented shift in government regulation around the world.

Here are just a few examples of how countries have reshaped their data privacy regulations to comply with GDPR laws:

• Chile - The government has reshaped its data privacy laws around the GDPR directives and implemented data privacy as a human right. Fines are instated based on the severity of the violations that have occurred.
• China - The government revised the new draft of the Personal Data Protection Law (PDPL) to make the business accountable to comply regardless of the physical presence in China. A fine of up to 5% global turnover or 6 Million EUR, whatever comes first, will be placed in addition to personal penalties for the guilty party.
• Switzerland - One of the critical global epicentres for financial business processes is implementing the Data Protection Act in 2022. This law is based on the GDPR core principles and enacts data privacy protection for Swiss nationals. There has been an increase in the penalties for non-compliance from 10,000 EUR to 230,000 EUR.?

Why lack of adequacy is a roadblock for innovation

The EU–US Privacy Shield was determined to be invalid in July 2020 by the European Court of Justice (ECJ). [2] After a thorough investigation and analysis of the US, ECJ stated that the US government failed to protect the EU citizen’s personal information. The decision further reinforced the privacy shield laws and surprised the major US enterprises.?

Furthermore, the EU has imposed strict fines for failing to comply with GDPR compliance laws, which can amount to 4% of global sales or a 20 million EUR fine (whichever comes to be higher). As corporations consider the Standard Contractual Clauses, which can cause months of delays and millions in penalties, it becomes apparent that non-compliance is a significant barrier to innovation. Any company that wants to accelerate its growth and enable future innovations must begin laying the groundwork for today's data governance.

Why PIPA is the gold standard for adequacy

Ever since the implementation of GDPR, it has generated quite a ripple effect onto the government bodies and regulators. In recognition of the Personal Information Protection Act (PIPA) legislation's role in introducing stringent policies protecting millions of people's personal information, many people ignore its foresight into modern data privacy models. In 2011, PIPA brought in critical ideas and concepts of the scope of the data process, protecting fundamental data subject rights to legislation. The essential ideas of GDPR were present in PIPA with different terminology. They defined the scope of what the EU implemented in 2016.

Since then, the Personal Information Protection Commission (PIPC) has gone through many iterations of PIPA with significant amendments in 2020.[3] These amendments introduced key concepts like pseudonymized data and the scope of consent to gain adequacy for PIPA. Due to the efforts of PIPC, Chairmen Yoon Jong-in called PIPA law a first in achieving adequacy through appropriateness determination and has allowed public data to flow outside the EU.

Given South Korea's status as a growing market data hub and a robust legislative framework, the country is driven to achieve the highest standard in data privacy laws. PIPA is the gold standard for GDPR compliance to build your enterprise's future data governance framework around.

Types of compliance solutions can businesses adopt

When viewed in aggregate, large enterprises can resemble a web of unstructured data sources crisscrossing the information superhighway. To untangle the web of data and bring a level of harmonization to the overall structure requires a new, innovative ground-up approach. A fundamental rethink is required of how businesses should approach data governance in large corporations. They must simplify data governance by unifying the different data sources into a single entity and implementing protocols on how access can occur.?

Final Thoughts

Enterprises must start to prepare for a future where a compliant dataset is the only acceptable way to process data. Given the complexities, the transition period for any business to gain compliance will be filled with hurdles and can take months to years. As countries become increasingly digital, stringent policies are being implemented to protect citizens' data. Every country is significantly rethinking its data policies, with GDPR being the role model. It is a governance trend that enterprises must keep an eye on. A lack of adequacy is a severe roadblock for businesses to innovate, and compliance is essential to future growth. Getting compliant with GDPR and PIPA is the best model to adopt because the law is highly flexible and willing to significantly evolve to meet global data privacy trends.