
Now Is the Time to Future-Proof Your Data Privacy

Safeguarding has always been a must, but it's a legal obligation too.

By Jennifer Spencer

Opinions expressed by Entrepreneur contributors are their own.


The ever-growing need for businesses to safeguard and manage the sensitive data they collect and use cannot be overstated, especially in today's climate of eroding trust. This sentiment became a mandate overseas late last May, when the EU's General Data Protection Regulations (GDPR) went into effect. GDPR compels organizations to prevent data from getting into the wrong hands and ensure that it's obtained through consent. It also places a strong onus on companies to respect the rights of individuals as data owners, such as adhering to requests for access.

However, more than one year since its introduction, and a further two since the regulations were announced, an alarming number of businesses have yet to comply. Only 35 percent of European companies provided personal data to customers who asked for it, according to one recent study. And only 52 percent of American employees are even aware that there are laws that dictate how sensitive information is handled.

The potential consequences of noncompliance are significant, too, with upper-level fines set at a minimum of 20 million euros (or just shy of $22.5 million). As if that weren't enough motivation, additional data privacy regulations are in the works, and catching up will only get more difficult.


To wit, the California Consumer Protection Act (CCPA), which goes into effect this January, includes some nuanced departures from GDPR. The extra-stringent New York Privacy Act, meanwhile, is already starting to make its way through the state assembly. Likewise, any company doing business with a global audience must be cognizant of their data collection and storage processes. Russian data privacy law, for example, mandates that personally identifiable data from its citizens be stored on servers within their country.

Even Google, with its massive tech resources, isn't immune from compliance missteps; they were slapped with a huge $57 million fine by CNIL, France's data-protection watchdog group. To avoid a similar fate, heed these few bits of guidance.

Compliance Isn't Going to Get Easier

GDPR's low compliance rates are a bit misleading, as they imply that no one's trying. One recent report found that more than two-thirds of businesses have dedicated dozens of staff members to spearheading the GDPR conundrum. The same report estimates that this investment has resulted in thousands of hours worth of company time being assigned to a single piece of legislation, with privacy professionals themselves averaging 160 hours preparing for and sustaining GDPR compliance.

Indeed, significant resources have been dedicated towards compliance, but regulatory frameworks are complex. It doesn't bode well that some two-thirds of privacy professionals agree that adoption rates for CCPA are lagging what they were for GDPR. Clearly, it's crucial that your business gets its privacy safeguards into shape before the legal, financial and reputational risks become reality.

Figure Out How to Close Your Gaps

GDPR, pending U.S. legislation and other nations' laws are collectively creating potential compliance blind spots. You may think that your systems are secure, yet the interconnectivity of technology can leave serious gaps. For example, consider a U.S.-based company that holds events for international audiences. Their data practices must conform to GDPR requirements across the board, regardless of where attendees reside.

"Data compliance is not sexy, but it is critical to this industry," explains Adrien Petersen, CTO of event registration solution eventcore. As event tech advances, features like facial recognition create even more concerns and possible gaps in compliance.

Regardless of your industry, an end-to-end approach is critical. The data integration specialists at Talend have outlined a 16-step approach that dovetails with specific articles of GDPR legislation where your company might be falling short. Their process covers potential trouble areas including:

  • Lawfulness of data processing.
  • Conditions of user consent.
  • Handling special categories of personal data including race, ethnicity and political or religious opinions.
  • Data-masking processing that doesn't require identification.
  • Documenting a data lineage to verify compliance processing.

Full compliance is only assured when your company has practices throughout its entire information infrastructure to collect, standardize, reconcile, certify, protect and propagate personal data.


SaaS Compliance Is Extra Tricky

An additional complexity facing businesses is how to deal with the ever-growing reliance on SaaS applications. Web apps are used throughout most organizations in finance, sales, marketing, tech and HR departments, with data often held remotely, outside of the organization's remit. Businesses might utilize hundreds, if not thousands, of applications across the entire employee pool, and overall compliance risk is amplified for two reasons. Firstly, an SaaS vendor may not clearly communicate what data they store on what servers, and how that data is used. By integrating this app into your system, you become liable for their possible oversights. And secondly, since web apps are so easy to adopt, the IT department is often unaware of what SaaS products are being used throughout the enterprise, leaving them unaware of the full extent of their risk exposure.

As Uri Nativ, cofounder of SaaS management solution Torii, explains, "A single system of records for all your SaaS is the foundation of compliant SaaS management." To ensure full compliance, Nativ cautions that your IT department must take back control of their organization's tech stacks immediately. And he adds that if an employee quits or is fired, "Obviously, that's a huge risk, since you're exposing your company's sensitive data to a person you no longer have a reason to trust, that shouldn't be able to have access in the first place."

With relentless lawmakers eager to assuage a skittish public, we can expect additional privacy-compliance challenges ahead. The time is now to get a firm handle on data risks and remediation. The liability of non-compliance grows greater every day.

Jennifer Spencer

CEO of Energent Media

Jennifer Spencer is the founder of Energent Media, a digital marketing firm for tech startups. She is passionate about helping brands leverage content to share their stories with the world.
