Three Privacy Challenges That Companies Still Face in Turbulent 2020


2020 has been an excep­tion­al year. From lock­downs to lay­offs, stock lows to highs, and from appre­hen­sive­ness about vir­tu­al work­ing to embrac­ing it, com­pa­nies have gone through a lot. While it may seem that the year is through, there remain chal­lenges. And, in this arti­cle, I share three key chal­lenges I see in the con­text of pri­va­cy and data pro­tec­tion because one thing that has emerged from this crisis is that data pro­tec­tion is the default option.

If the pri­va­cy relat­ed dis­cus­sions in pan­dem­ic are any indi­ca­tion of rel­e­vance of pri­va­cy, pri­va­cy is here to stay, and con­sumers are demand­ing it. Of course, this is only if you were skep­ti­cal and needed a val­i­da­tion that pri­va­cy was for real. As com­pa­nies come to terms with the new world, it is essen­tial that we focus on pri­va­cy chal­lenges that are await­ing us. So, let us look at three such chal­lenges from my per­spec­tive.

1. Companies need to review and assess all data transfers from EU to outside

The Court of Justice for the European Union has recent­ly inval­i­dat­ed the pri­va­cy shield and reit­er­at­ed that EU data pro­tec­tion stan­dards and rules will travel with the per­son­al data when it is trans­ferred out­side of EU. And, if that was not enough, it also said con­trollers are account­able to assess and take cor­rec­tive actions. This is easier said than done. For com­pa­nies strug­gling to cope up with shrink­ing mar­gins, uncer­tain­ty into future and new ways of work­ing, how does one expect a com­pa­ny to review all its data trans­fers out­side of EU. In my opin­ion, this will be a key chal­lenge in next 6 – 12 months that com­pa­nies will need to deal with it through changes in loca­tions of data, changes in con­tracts and assess­ments of exist­ing data trans­fers. And, the work won’t end after that, but we may have new ver­sion of Standard Contractual Clauses then.

2. Companies need to review and mitigate risks from employees working remotely

Before pan­dem­ic, com­pa­nies had just about com­plet­ed changes (due to recent pri­va­cy laws like EU GDPR) in their data man­age­ment and busi­ness­es process­es. And now, com­pa­nies need to deal with almost all employ­ees work­ing from home. Whilst this is a tech­no­log­i­cal and orga­ni­za­tion­al chal­lenge of unpar­al­leled scale, it is also a chal­lenge to iden­ti­fy the pri­va­cy risks from employ­ees work­ing remote­ly. The last few months may have been spent in focus on busi­ness con­ti­nu­ity but iden­ti­fi­ca­tion of pri­va­cy risks and mit­i­ga­tion of such risks need to be pri­or­i­tized now because hack­ers now are aware that they do not need to hack into a cor­po­rate net­work but can exploit vul­ner­a­bil­i­ties of home net­works. Even in post pan­dem­ic word, major­i­ty of your staff may work from home. Employees would ask flex­i­bil­i­ty that they would have gotten used to. So, you will not only need to address pri­va­cy risks when an employ­ee works remote­ly but also when the employ­ees works at dif­fer­ent loca­tions e.g. two days from office and three days from home. This requires adap­ta­tion of your pri­va­cy and secu­ri­ty strat­e­gy. In my opin­ion, this will be a key chal­lenge as to how does one pro­tect data while it is accessed from any­where.

If the pri­va­cy-relat­ed dis­cus­sions during the pan­dem­ic are any indi­ca­tion, #pri­va­cy is here to stay, and con­sumers are demand­ing it. #respect­da­ta Click to Tweet

3. Companies need to gear up for post COVID world

Whilst we all are busy with the pan­dem­ic world, there will be an end to pan­dem­ic in some­time. We all hope that it ends sooner than later. But, one thing is cer­tain and that is “things may not be same” even when pan­dem­ic eases. So, if you are rely­ing on pri­va­cy risk eval­u­a­tions from the old world, it is time to review things in a world where­in you will be sell­ing prod­ucts and ser­vices online. Yes, even if you think your prod­uct cannot be sold online. The new world will have greater com­po­nent of online. So, you need an online pri­va­cy strat­e­gy. So, the sooner we pivot, the easier it will become. In my opin­ion, it is best to take a proac­tive approach and start to review the risks of deliv­er­ing prod­ucts and ser­vices online and may be offline. This likely change in busi­ness model and the uncer­tain­ty around it means pri­va­cy risks iden­ti­fied pre­vi­ous­ly are in need for a review.

CPO Magazine source|articles

Recommended Posts

Start typing and press Enter to search