World map on a technological background showing data privacy laws and cross-border data sharing

Navigating Evolving Data Privacy Laws and Cross-Border Data Sharing

The flow of data will only continue to increase as more countries and regions embrace digital transformation. As a result, data privacy legislation around the world will continue to evolve as datasets become more complex.

For example, the EU recently proposed new legislation aimed at tackling the surging amount of data being generated by connected devices, and Utah just joined the ranks of states that have passed wide-reaching data privacy laws. The US recently announced its membership to a new international digital privacy organization working to advance, regulate and protect the cross-border sharing of data. While the US does not currently have a national data privacy legislation, more laws are continuing to be enacted and it’s only a matter of time before they befall nearly every organization.

Despite these increasing regulations, data sharing can benefit countries in a number of ways including increasing trade, strengthening productivity, and lowering prices for affected industries. In fact, Gartner expects that by 2023, organizations that embrace data sharing will outperform peers on the majority of business value metrics. However, Gartner also predicts that less than 5% of data-sharing programs will correctly identify trusted data and locate trusted data sources through 2022.

As we move toward a more open data-sharing future, businesses must prepare now to tackle the future legislation that will inevitably be placed upon them and ensure all data moving through its systems is accurate and trusted. Companies not prioritizing data compliance efforts will fall behind their competitors as data and its subsequent legislation becomes more intricate. Ingraining a strong data foundation and practicing good data hygiene within the organization is crucial to staying ahead of the curve.

Keeping data private with proper governance

Adoption of data privacy laws is fragmented across regions in many ways and is likely to create significant challenges around regulatory change for companies. For companies to be agile throughout developing laws and maintain a competitive advantage, they will need to adopt an approach to data privacy that is flexible enough to support ongoing regulatory change across the jurisdictions within which they operate – with minimal operational disruption.

Proper data governance is the key to preparing for dynamic data privacy legislation. To ensure compliance with regulations a business must know where the data is, how it’s used, how long it should be retained and where the data is going. Being able to quickly and sustainably support compliance with new regulations is going to depend on the maturity of the data governance program, making it crucial to begin implementing one now.

Many organizations with unstructured data run into hurdles getting started, such as:

  • Maintaining archaic and undependable manual processes for data inventory, which can lead to stale data.
  • Lacking privacy context for stored data without being able to answer the full context of where, what, who, why, when, and how the data is used.
  • Documenting lineage manually, making it difficult to provide a full visual for accurate decision making.
  • Disjointed processes that don’t operationalize data privacy and cause disconnect from inventories.

To avoid these issues and prevent noncompliance, businesses must ensure that their data governance program has a foundation that aligns with their upcoming needs in the face of new privacy regulations. Enterprises must ask themselves these questions:

  • Is my data entry and inventory automated instead of relying on my team to enter information manually?
  • Do I have clear accountability within company personnel of who is responsible for personal information, providing context, and aligning with compliance for new regulations?
  • Is there a clear demonstration of how personal information flows between systems in my architecture?

A system with these features will ensure clear knowledge of how data is used within the organization and can be easily accounted for if new legislation calls for it. Overall, implementing a robust data governance program can help companies mature from one-off, ad-hoc data privacy processes that lack longevity and move toward sustainable processes that streamline privacy operations.

Staying compliant within cross-border data sharing

Any organization sharing data across borders must ensure its compliance with any and all domain-specific or region-specific privacy laws – making data lineage imperative for keeping track of information and how it flows across borders.

Data lineage describes how data transforms and flows as it is transported from source to destination across its entire data lifecycle. It helps organizations get the full story behind their data to inform trusted and accurate business decisions. A data lineage tool can automatically trace connections between data points to visualize how information moves throughout the systems, providing businesses with a way to keep track of how data that crosses borders is transferred and ensuring that it’s remaining compliant with multiple privacy laws.

Besides data lineage, it’s critical to stay apprised of the ways data moves across borders and its direction, as well as which data flow contains personal information and what technology is being utilized to transmit it. Companies have felt the sting of mishandling data by failing to secure and track customer information, resulting in hefty fines. Viewing these transgressions from an organizational perspective, it reflects the need for visibility into where data goes and what happens to it.

That’s why it’s crucial for businesses to do a thorough audit to recognize how its data is moving and who is receiving the data on the other end. Once that information has been collected, they should consider creating safeguards that will protect them in case of a change or update in regulation. Looking into the standard contractual clauses with the receiving organization around data sharing will ensure that the language within these clauses will hold up in the event of political change. Once it’s known what safeguards are needed, they must be implemented by updating contractual language, putting new corporate policies in place, and ensuring internal documentation reflects these changes.

Data sharing is an inherent part of an increasingly globalized world, helping countries strengthen their economy and relationships with other regions. However, the uptick of free-flowing information will go hand in hand with increased regulation, making it crucial for any business to prioritize a compliant data-sharing strategy agile enough to withstand changing laws. Implementing a robust data governance program as well as data lineage to help track the flow of data throughout borders will help companies stay one step ahead of evolving regulations and provide a critical competitive advantage.