Evolving privacy laws: Tips for staying compliant

Data is everywhere, but privacy is not. The not-so-surprising news is that “76% of users believe that companies must do more to protect their data.”

Lately, the dramatic increase in malicious online activities has been a cause for concern, so 137 out of 194 countries have put in place legislation to secure the data of their residents. These laws are pushing organizations to adhere to strict data privacy requirements, as non-compliance could cause huge reputational and financial damage.

In 2015, the “supermarket chain Morrison’s fell victim to an internal attack that led to 100,000 employees’ personal details being leaked.” Apparently, a disgruntled employee posted staff data on the internet. Instances such as these could happen at any time, and that’s exactly why privacy laws are enacted: to enforce human rights and stop predatory online behavior.

Privacy laws are effective. But when there are hundreds of laws, each specific to a region, it’s complicated for an organization to achieve compliance. For instance, the CPRA and the GDPR differ in geographical scope and applicability. “The GDPR applies to all companies processing personal data of EU citizens, regardless of where the company is based. [The] CPRA only applies to companies that do business in California or process personal data of California residents.”

As you can see, each law is specific to its region and its residents, and it’s best to consult with a legal advisor to determine how these laws apply to your organization. But if you’re unsure where to start, the following steps can help kick-start your compliance efforts.

Regulate targeted advertising and third-party data

Recently passed privacy laws have stringent clauses on targeted advertising and the use of third-party data. The laws regulate the tracking of consumer behavior for targeted advertising across websites and mobile applications. For instance, the CPRA, which came into effect on January 1, 2023, enables consumers to opt out of the sale of personal information and controls third-party data transfers that can be used for targeted advertising. 

Leveraging first-party data is the way to go. The benefit of using first-party data is that it comes directly from the customers and with their consent, so the chances of noncompliance are minimal. Moreover, it offers valid customer insights and enables you to build a direct relationship with your customers. There’s no better approach than to use first-party data wherever possible.

Minimize data 

Both the GDPR and the CPRA suggest collecting only the data that is necessary for a specific purpose. When it comes to data minimization, the GDPR mandates that “personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” But as there are no stringent guidelines on how much data is too much, organizations tend to collect more data than necessary.

Contrary to popular belief, hoarding data won’t help you achieve your desired business results—processing and analyzing the right data will.

To avoid unnecessary privacy violations and to maximize business growth, collect data that’s adequate, relevant, and not excessive.

All in all, it’s not easy to ensure your organization complies with all privacy regulations, but you have to start somewhere. Keep these tips in mind, and take consistent steps to secure data in your day-to-day operations, because that’s what matters when it comes to privacy compliance.

ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging enterprises—including 9 of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more. ManageEngine has offices worldwide, including in the United States, the United Arab Emirates, the Netherlands, India, Colombia, Mexico, Brazil, Singapore, Japan, China and Australia, as well as 200+ global partners to help organizations tightly align their business and IT.


Staff writer