These are the Top 3 Privacy Trends that I see for 2019:
- Trend #1: Privacy training for personnel is key
- Trend #2: Attention for privacy in important moments of your business
- Trend #3: More violations, data breaches and cyber crime.
Trend # 1 Privacy training for personnel is key
The General Data Protection Regulation (GDPR) caused a true ‘hype‘ before 25 May 2018: Many companies recklessly sent emails to all of their relations, asking for permission for the use of their personal data. For the most part, this was annoying and completely unnecessary. Many companies were misinformed about the GDPR, or just copied other companies. Your employees need to be well-informed and trained about how the GDPR should be (and should not be) interpreted and applied in practice. That saves you, and your customers, quite some annoyance.
It’s all about trust
Now that the GDPR-hype is over, we can talk about what it’s really about. The main question is: does your company handle personal data with integrity and in a transparent manner? The GDPR contains many general principles, which you need to fill in and figure it out yourself. You just need to be able to explain and take accountability for why and how you handle the personal data that were entrusted to you. So it’s all about trust.
Trend #2 Attention for privacy in important moments in your business
Let’s suppose you are looking for an investor or buyer for your company. Nowadays, investors and buyers also check your company’s privacy governance. They only want to invest in your company, if it is not too risky for them. If their due diligence shows that your company’s privacy governance is not in order, this is a ‘red flag’, and it will have a direct impact on the value of your company. You can prevent this by having your privacy governance in place before you contact an investor or buyer.
Privacy is on the agenda
Large companies must take into account that supervisory boards, workers councils and (internal and external) auditors also have ‘privacy’ on their agenda for this year. You can expect them to ask privacy-questions and maybe carry out audits. Are you prepared for that?
Trend #3: More violations, data breaches and cyber crime
This year, more privacy violations, data breaches and cyber crime will be in the news. These are some of the latest examples:
- Google was fined 50 million Euros, due to a lack of transparency, insufficient information and a lack of valid consent for its personalized advertisements.
- In January 2019, it was announced that more than 770 million personal email addresses and passwords were compromised in a data collection called ‘Collection #1‘.
- With cyber crime, not only hacking and malware should be considered, but also social engineering and human error. For example, Pathe cinemas was the victim of CEO fraud which led to 19 million Euros of damage.
Be prepared for data breaches
Companies should be aware that not all emails that warn about a data breach, are authentic. For example, emails were sent stating that there was a data breach at Booking.com, which contained a link to change the password (it turned out to be ‘phishing mail’). According to Booking.com, there was no data breach at all. ‘Phishing mails’ are becoming ‘better’ and almost impossible to distinguish from authentic emails. A good awareness training and internal control procedures for situations like this should (hopefully) prevent that these suspicious links will be clicked.
Last but not least, if there really is a data breach, you have to act quickly. This must be notified within 72 hours after its discovery to the Data Protection Authority through an online form. Be aware that not every security incident is a data breach. If you need more time to research, you can file a preliminary notification, which can be withdrawn later. Not reporting a data breach (in time) is risky business. Uber was fined 600,000 Euros due to a late notification of a large data breach. It is important to have a data breach procedure in place that everyone knows about, just in case something really happens. Testing and training are key here.