Digital businesses today face an ever-increasing number of data regulations. GDPR is here to stay, and the CCPA is on its way (although it’s unclear what the final law will look like). Many states have recently amended their own data protection statutes. Meanwhile, governments all over the world are taking data privacy more seriously and bringing enforcement actions against organizations that violate the laws.
It’s now abundantly clear that every organization has to shore up its data compliance program. The real question is how: Should organizations try to meet the new law on the law’s own terms, or should they adopt a globally compliant data policy framework?
In a recent AdWeek article, Ben Plumion, the Chief Growth Officer of computer vision & digital innovation firm GumGum, took a strong position on this question. He asserted that rather than taking a “wait-and-see” approach, it will be “easier, cheaper and safer” for organizations to proactively develop their own global data policy framework.
Ben points out that organizations must consider the cost of their decision. If an organization seeks to meet each new privacy law on its own terms, it means they must bring stakeholders from operations, legal, engineering, and other departments together to devise a plan and put it into action every time the game changes. Ben argues that adopting individual policies to suit the rules of each region is “too costly, too inefficient and too legally risky to bear”. It wastes organizational resources and money to continually re-evaluate company-wide processes. On the other hand, a global policy will mitigate the need to re-evaluate legal, operational, and engineering practices each time another government makes a new law.
Ben points out that organizations don’t need to wait for governments to pass new privacy laws; they can go ahead with a global data policy now because we can already see the direction the laws will take. The laws share the same fundamental intent and basic building blocks, and they all include concepts like user consent and transparency, set terms of liability, and establish authorities to oversee compliance.
Here at Hyperproof, we support this approach of creating a common, global data policy framework. Although adopting it initially will be challenging, the long-term benefits outweigh the short-term pain. This approach allows you to reduce the ongoing costs of compliance, mitigates the number of processes you’ll have to change in the future, and minimizes potential disruptions to your business.