Numerous milestones in data privacy regulation are being crossed in 2023, with big developments coming in on both sides of the Atlantic.
In the US, four new state laws have been introduced, while California, well known for its stringent approach to privacy, is enhancing existing requirements. Numerous other states have either passed or proposed their privacy legislation.
In Europe, the EU-US Data Privacy Framework signifies a crucial step in transatlantic data protection. And negotiations are ongoing for global agreements, such as those between the EU and a post-Brexit United Kingdom, adding to the complexity of the international privacy landscape.
Despite this rapid evolution, studies show that only around 50% of executives consider themselves “very prepared” to meet tightening data privacy compliance standards.
Related Session:
The Challenges and Opportunities of Cross-Border Compliance: Managing Risk in a Globalised World
Wednesday 18th October 2023, 10:00 - 10:45am BST
GRC Theatre
Below, we reveal five trends that are allowing organisations to strengthen data privacy programmes and improve approaches to compliance.
1. Data localisation: Navigating the cross-border regulatory maze
In a world without digital boundaries, controlling where data resides might seem paradoxical. But emerging privacy laws mean data localisation has become a pivotal concern for businesses operating across multiple countries.
The uneven regulatory landscape calls for a strategic approach in the design and acquisition of cloud services. Consequently, data localisation planning has become a top priority in ensuring compliance and data security regardless of geographic locations.
“One of the most significant challenges companies face today is navigating the complex framework of different laws and compliance requirements,” says Rishi Maharaj, Founder and Executive Director at Privicy Advisory Services.
“Developing countries seek to align their laws with those of established Western democracies (Europe, US, Asia) through trade agreements that involve reciprocity. For these countries, implementing data protection laws becomes essential to foster economic growth and trade with the rest of the world,” he adds.
Related Session:
The Challenges and Opportunities of Cross-Border Compliance: Managing Risk in a Globalised World
Day 1, Wednesday 18th October 2023, 10:00 - 10:45am BST
GRC Theatre
Exclusively at #RISK London, experts explore the role of compliance in managing cross-border risks, the impact of emerging technologies on the issue, and the importance of governance and risk management in ensuring legal standards are adhered to at all points.
This session will provide you with a better understanding of the challenges and opportunities of cross-border compliance, and deliver the knowledge and tools to manage compliance risks in your own organisation.
2. Privacy-enhancing technologies (PETs): innovations in data security
The rise of untrusted environments like public clouds and the complexity of analytics engines have driven more businesses to adopt privacy-enhancing technologies.
Unlike conventional security controls, PETs protect data in use, enabling organisations to process and analyse data that were previously off-limits due to privacy concerns.
By 2025, it is predicted that 60% of large organisations will integrate at least one PET in their analytics, business intelligence, or cloud computing strategies, ushering in a new era of secure data processing.
“We have to carefully weigh the perks and drawbacks before implementing any type of technology. It is also important to take into consideration your organisation’s risk appetite, profile and budget,” says Tainá Baylão, Senior Specialist Data Protection at Infineon Technologies.
“Some PETs might be welcomed for more regulated sectors, more subject to using sensitive data, while for companies that mostly process names and emails only, those might not be worth the investment. It should always be a case-by-case analysis,” she adds.
Related Session:
Emerging Privacy-Enhancing Technologies (PETs): What Works
Day 2, Thursday 19th October 2023, 10:00 - 10:45am BST
GRC Theatre
Privacy-enhancing technologies (PETs) are a growing area of interest as organisations look for better ways to protect personal information. This session will explore the emerging landscape of PETs, and discuss which technologies are most effective.
3. AI governance: navigating the ethical landscape
Artificial Intelligence (AI) is permeating so many facets of business operations; it is almost indispensable these days, especially considering the privacy risks associated with AI-based modules.
Organisations must establish robust oversight mechanisms to assess the impact on privacy, ensuring that AI systems do not compromise sensitive data. Failure to do so might result in toxic data ingestion, leading to costly system replacements in the future.
“It may be a cliché, but I think the benefits of AI will only outweigh its risks if it emerges through evolution rather than revolution. We need to understand the technology, including its limitations, as it develops,” says Caro Robson, Director of Regulatory Strategy at Jersey Office of the Information Commissioner.
“This is a particular risk with AI, because the tools being released often use models that were built long before the business or individual user adopts them, and as such the user has had no input in their development. But if we can manage these risks, I think many AI-based tools have the potential to take on high-volume, low-risk tasks that might otherwise take up a huge amount of DP and security professionals’ time or be missed by them altogether,” she adds.
Related Session:
AI in the workplace – the DPO Framework and Roadmap to Avoid Chaos
Day 2, Thursday 19th October 2023, 15:00 - 16:00pm BST
Privacy & Data Protection Theatre
There is no doubt that AI is the new revolution. It is developing rapidly, both technologically and legally, and many organisations are facing the big question: How do you remain compliant, while gaining the commercial benefit of using AI?
This interactive session will provide a practical roadmap for DPOs to avoid AI chaos, how to overcome challenges and pitfalls, and build a responsible AI strategy in the workplace.
4. Centralised privacy UX: streamlining user experience
Consumers today demand transparency and control over their data. To meet these expectations, businesses are adopting a centralised privacy user experience (UX).
By consolidating notices, consent management, and subject rights requests into a self-service portal, organisations enhance convenience for customers and employees alike.
This approach not only saves time and costs but also fosters a sense of trust and empowerment among users. By the end of 2023, 30% of consumer-facing organisations are expected to provide self-service transparency portals, emphasising the growing importance of user-centric privacy practices.
5. Remote becomes “hybrid everything”: balancing productivity and privacy
The advent of hybrid work models has revolutionised the way businesses operate, but it has also increased the organisational attack surface. With the expansion of connected devices, privacy risks have surged.
Organisations must adopt a human-centric approach to privacy, ensuring that end points are locked down, and data monitoring is minimal and purpose-driven.
By leveraging data to enhance employee experiences, mitigate burnout risks, and remove unnecessary friction, businesses can strike a delicate balance between productivity and privacy, fostering healthier work environments.
“Businesses need to consider both the technical and human elements. While technical security controls are essential for businesses, a key risk mitigating strategy is awareness raising and training for everyone with access to the business systems,” Tina Forrester, Data Protection Officer at Liverpool John Moores University.
Learn more at #RISK London…
Security and the Internet of Things (IoT): Threats, Defences and Regulation
Day 2, Thursday 19th October 2023, 12:00 - 13:00pm BST
As workforces decentralise, billions of connected devices have come into use around the world. The Internet of Things (IoT) presents both opportunities and challenges when it comes to security. In this session, our speakers explore the security implications of IoT.
Panellists will discuss the latest threats facing the IoT and advise on how security teams can optimise defences. Topics will include: the role of regulation in promoting IoT security; the potential for AI-powered tools to improve IoT security, and how to leverage the opportunities presented by the IoT in a safe and secure way.
These trends underscore just how fast our data privacy landscape is evolving. But by acting now and embracing these transformations, organisations can not only comply with regulations but also build a foundation of trust with their stakeholders.
As businesses navigate the intricate web of digital interactions, prioritising privacy has become not just a compliance necessity but a cornerstone of ethical and responsible practices in the digital age.
Discover more at #RISK London
As the world becomes increasingly interconnected and complex, so too does the risk landscape. That’s why it’s more important than ever for business leaders and department heads to stay across all the latest trends and best practices.
Here’s where #RISK London comes in.
The two-day event, taking place on October 18-19, 2023 at ExCel London, is the premier event for risk professionals in the UK.
With over 100 exhibitors, keynote presentations from over 200 experts and thought leaders, panel discussions, and breakout sessions, #RISK London is the perfect place to learn about the present and future risk landscape.
No comments yet