Top 5 privacy predictions for 2018
What are my privacy predictions for 2018, a year that will represent a milestone for the world of data protection with the GDPR becoming effective?
As at the end of every year, I like to make my predictions for the New Year, and I cannot skip my privacy predictions for 2018.
There will be lots of changes in a year that will hopefully be very busy for data protection lawyers, but here are my top 5 privacy predictions. I also summarized my position in the video below, in Italian, as part of my videoblog Diritto al Digitale, while the topic is covered in more detail in English below:
1. Investing in privacy compliance will mean investing in the future of your company
Just a few days ago, a very high-ranking manager of one of the largest multinational IT companies in the world told me something that I have heard many times:
privacy does not exist…
I still hope that this was just a quick comment that does not represent the official position of his company, as my view is quite different.
In the age of the digital revolution, where companies are investing in machine learning, artificial intelligence, IoT or just in remote communications with their customers, and where data is becoming exponentially more valuable, it is not possible to deal with these matters without having adopted adequate technical and organizational measures of data protection compliance. Apart from the potential fines, a potential order to erase all collected personal data might oblige companies to delete one of their most valuable assets, undermining their own future.
I often repeat that privacy by design is the key to the success of companies. And this is definitely true, as it requires a complete “reshaping” of companies, which will list privacy compliance as one of their priorities.
2. Privacy compliance will require a “cultural change”
This prediction is linked to the previous one. If thousands are invested in data protection compliance and then your employees, managers and agents do not change the way they used to operate, this will be just a waste of money.
Investing in the training of employees, and of those who will be in charge of controlling them, to convey the message that privacy compliance is part of the group's strategy for success will be very complicated, but it needs to be done, and quickly!
3. No one will be perfect on 25 May 2018
The amount of work to be done in order to ensure compliance with the General Data Protection Regulation is extremely large, especially if your company has a B2C business. What I usually repeat to clients is that our goal is not to be perfect, but to put in place technical and organizational measures in order to show individuals and authorities
an adequate level of diligence in the setting up and management of a data protection compliance program,
identifying the correct balance between privacy compliance and business needs.
If, for instance, it is not possible to implement all the required technical changes, it is necessary in my view to adopt those changes affecting the IT infrastructure processing the largest volumes of personal data, so that the company can show that it has minimized the privacy-related risks. But it is also necessary to show the adoption of a business plan aimed at implementing the further changes in the coming 2/3 years.
4. Data protection compliance will be a continuous “work in progress”
Some of our clients are already requesting a review of the services, tools and products that will be launched in the next 6/12 months. A continuous review of privacy compliance will be necessary not just because the business of companies rapidly evolves, but also because data protection authorities will continue issuing new guidelines, governments will adopt local laws integrating the GDPR and the first decisions and fines will be issued.
As recently happened with the publication of the Article 29 Working Party Guidelines on consent and transparency, which obliged us to implement some changes to the GDPR-compliant privacy information notice that many clients had already adopted, data protection compliance will be a never-ending work in progress!
5. Cybersecurity will be the new privacy
Cybersecurity is definitely not new among the list of priorities of managers. However, it is often tackled only from a technical standpoint. It happens more rarely that companies have a cybersecurity compliance program able to show the adoption of technical and organizational measures in order to prevent a cyber attack and to quickly react to it to minimize its negative effects, with reference not only to privacy compliance, but in order to protect any asset of your company.
Just as there is no software without bugs, there is no IT system that cannot be attacked. Besides, in most cases, cyber attacks are due to human error! This is why companies will have to show the adoption of a cybersecurity program able to reduce such risks, also to limit potential liabilities, sanctions and damages.
These are my top 5 privacy predictions for 2018. What are yours?
As usual, if you found this article interesting please share it on your favourite social media.
WRITTEN BY GIULIO CORAGGIO
IT, gaming, privacy and commercial lawyer at the leading law firm DLA Piper. You can contact me via email at firstname.lastname@example.org or email@example.com or via phone at +39 334 688 1147.