GDPR At 2: The Conclusions And Way Forward
Punit Bhatia
Managing Consultant | Making Privacy, Data & AI Compliance and Sourcing Hassle-Free | Host of the FIT4PRIVACY Podcast | Published Author | Keynote Speaker
The two years of the GDPR have meant that privacy is going to be part of corporate decision making. And, a reflection on the two-year journey indicates that the future has the following in store for us:
- Privacy Is Here To Stay - Two years ago, privacy may not have been the norm but going forward privacy is going to be the new normal. If the discussions on tracking as part of the pandemic are any indication, then, it is clear that privacy is here to stay. And, it will only get more and more embedded in the corporate world. It is likely that the consumers will expect it, the authorities will check it and the corporates will do it.
- There Will Be More Automation - Thus far most companies have focussed on becoming compliant by setting and operationalizing the policies, governance, and processes. As we look ahead, there is likely to be more automation, usage of Artificial Intelligence, and reliance on predictive approaches rather than reactive responses.
- The Maturity Will Only Increase - Most organizations are at the early stages of privacy compliance. In the coming years, there is likely to be an increase in maturity. In that direction, there is likely to be a focus on certifications and audits so that organizations can demonstrate compliance and be assured of it.
- There Will Be More Privacy Laws - While a lot of countries have already passed privacy laws, the coming years will see new laws in the US, India, Pakistan, and so on. As it seems, the US is likely to have state-wise privacy laws in the short to medium term. As more and more laws come through, there is a likelihood of harmonization across countries. Compliance with the varying requirements of different privacy laws across the globe will remain a big challenge for most companies operating in multiple countries. I also see more and more countries getting included in the EU adequacy list for transfers of personal data.
- Privacy Will Become A Brand Differentiator - As we move forward, privacy compliance is likely to become a brand differentiator in terms of winning more clients. To achieve this, more organizations will adopt ISO 27701 and other standards that will come up for a demonstration of privacy compliance in an organization. Already, a study by CISO shows that 82% of organizations view privacy certifications such as ISO 27701 and Privacy Shield as a buying factor when selecting a product or vendor in their supply chain. And, this is only going to increase and become a mandatory requirement.
In short, like it or not, GDPR and privacy laws are here to stay. We can always debate that this is not there and that is not fair, but the law is there. And, we are better off taking a practical approach to complying, with a longer-term perspective. And, as we do so, compliance is an ongoing journey and you need to consistently work towards remaining compliant. This is because your business keeps changing and so will compliance. So, have a safe privacy compliance journey.
And, if you need help in compliance with privacy laws, or training, please do not hesitate to contact me at [email protected] and we can have a conversation.
Note:
As I shared in my article "GDPR At 2: How To Look At Two Years Of The GDPR Regime?", this article is the last part of a series of articles on GDPR at 2. The previous articles included:
- How To Look At Two Years Of The GDPR?
- Why Was GDPR Such A Big Thing?
- What Are The Positives Of The GDPR At 2?
- What Have Been The Challenges of GDPR At 2?
- What Have Been The Enforcement Actions?
Punit Bhatia is a privacy consultant who is an author of multiple books on GDPR, privacy and sourcing, a speaker at global events, an advisor on GDPR and privacy matters, and the host of The FIT4PRIVACY Podcast. Punit helps business and privacy leaders in identifying the strategic priorities for privacy compliance and managing the execution in a simple and structured manner. Punit is known to use simple business language while avoiding legal jargon. Punit is a certified Fellow in Information Privacy (FIP), CIPM, and CIPP-E.
Did You Know? Punit's book "Be Ready For GDPR" is ranked as #1 and the book "Intro to GDPR" is ranked as #9 in the list "25 Best GDPR eBooks of All Time" published by BookAuthority.com.
Did You Know? The FIT4PRIVACY Podcast is ranked #3 in GDPR Podcasts by Feedspot. Listen to this podcast on your favourite platform now: Apple, Spotify, Stitcher
The FIT4PRIVACY Podcast - A Podcast For Those Who Care About Privacy is available on iTunes, Spotify, Stitcher and many other platforms.
A special thanks to Spandana Nageshkumar for her ideas and contribution when writing this series of articles.