Historically, individuals used fireproof safes, solid steel safe boxes or safety deposit boxes at banks to preserve all of their critical and personal data. However, today due to the rapid development of technologies that collect, process, maintain and share personal data, the risk of individual harm, data breaches, misuse, litigation or regulatory fines has exponentially increased. This is driving the need for, greater data protection, expanded individual rights procedures and greater transparency.                                                                                                                                                                                   

Why? Virtually every country has enacted some level privacy regulation to regulate how personal data is collected, data subjects are informed, and what individual rights a data subject has over his or her information. Navigating these regulations can be daunting, as realized in the General Data Protection Regulation (“GDPR”), the forethoughts by the authorities was to provide expanded individual rights, GDPR was just the beginning and it certainly won't be the end.                                                                                                                                                                                                                                      

Privacy regulations have been intensifying and ratified in the European Union, United States, South America, Asia Pacific and Australasia Regions, in particular regulations such as the EU General Data Protection Regulation (“GDPR”), the EU ePrivacy Directive, Lei Geral de Proteção de Dados Pessoais (“LGPD”), Personal Data Protection Act (“PDPA”) and the California Consumer Privacy Act (“CCPA”) are only a few of the new “direction” of privacy legislation globally.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Businesses need to evaluate virtual communication technologies, clean desk practices, data use and management procedures, assess and identify the types of data collected, transfers, storage and retention to attain risk and compliance levels, and characterize gaps in their privacy program. As necessary, businesses should update or adopt new protocols and procedures for managing privacy compliance.

In today’s marketplace, business must continuously update, enhance, maintain and measure their data privacy, information governance and data protection programs. By focusing on costs vs. risks and regulatory requirements, Privacy International, LLP can define an enterprise-wide information governance program, develop incident management plans, manage a data breach, document individual rights processes, complete a data inventory or assess the compliance level of the current program.