Privacy and data protection have never been more important, and it was not too long ago that the general consensus was that privacy was dead. It is now abundantly clear that privacy is paramount.
The COVID-19 Crisis has accelerated working from home and digital adoption. This means that any privacy programme will need a privacy management platform to effectively do their job. As we hopefully emerge from the COVID-19 crisis, digital adoption will continue to accelerate and Artificial Intelligence (AI), Internet of Things (IoT) and Machine Learning (ML) will become more ubiquitous. Companies and governments are ramping up their own digital adoption to fight COVID-19 and help their employees and citizens respectively get back to work in a new normal, but the choice should not be between privacy and health, it must be both.
There is no doubt that the COVID-19 Crisis has accelerated digital adoption for governments and industry. In attempts to tackle the virus, many governments have deployed very invasive tools, China, for example, are monitoring smartphones, utilising facial recognition technology, and requiring all citizens to report on their body temperature. China is not alone, and many countries are rolling out their own app for tracking citizens, with good reason, however, the risk is where does it go from here? Transparency is key to trust, for both governments and companies.
In the immediate term, most companies are not prepared for the new norm of working from home, we see this across every sector. The risks do increase when staff work from home. Most of us at home are relatively tech-savvy, with smart TVs, gaming platforms, and wireless routers common place. Some homes have many Internet of Things (IoT) devices installed which can add complexity to the challenge and vulnerabilities to the network.
Unfortunately, it is not generally the case that enough protections are in place to ensure that we are protected. Data Protection Officers (DPO’s) / Chief Privacy Officers (CPO’s) / Privacy Leads need at a minimum to retrain their staff that can work from home, update and enforce their policies, and tests how susceptible staff are to clicking on the massive increase in phishing attacks.
In addition to this privacy, teams need to have the ability to assess vendors remotely and run Data Protection Impact Assessments (DPIA) remotely. It is clear that more and more companies are deploying Artificial Intelligence capabilities into their products and services. DPIAs are almost always required, but how should companies do them when it comes to AI and remote working, and is the latest drafting of global data protection regulations even capable of capturing the risks? The spirit of the GDPR is to protect the basic human rights of living individuals, but do the principles of the GDPR enforce safeguards that put the power in the hands of the data subjects, rather than in the hands of the AI? We are seeing many problems in the market relating to this and privacy teams need access to the right tools to run effective DPIAs in order to determine the risks.
We are now in a global regulatory environment, 65% of the global population will be under ‘GDPR (General Data Protection Regulation)’ like regulation by 2023, up from only 10% today* and more privacy laws came into effect in 2018 than in the previous century. This has resulted in a massive increase in privacy teams. In 2018 there was an estimated 70k privacy teams in Europe, by 2019 that number was estimated to be 500k, and by the end of 2022, more than 1 million organisations will have appointed a Data Protection Officer (DPO).
These privacy teams need a privacy management platform to do their job, now more than ever. In relation to the market, most analysts do expect a deep recession at this point, most predicting an ‘L’ shaped recovery, however, the demand for tools that privacy teams need, i.e. privacy management platforms, will continue to increase over the next couple of years. Before the COVID-19 crisis, the compound aggregated growth was estimated to be 33% for the next 5 years. It is likely that after we come out of this crisis the CAGR will be even greater.
As we move into a new norm of accelerated digital adoption, this has two significant impacts for Data Protection Officers (DPO’s). The immediate challenge of how to manage privacy programmes when everyone is working from home, and secondly, how to manage increased complexity within companies due to the deployment of more complex systems. Companies need to ensure that they are building technologies that have Privacy-by-Design as a governing principle, and that also are for the good of individuals and not to their detriment. Having access to the right tools to do their jobs is more important than ever.
Source: Gartner Predicts for Future of Privacy 2020, January 20th, 2020