Five Reasons Why Data Privacy Compliance Must Take Center Stage in 2023


Compliance will take center stage as a top business priority in 2023, spurred by several factors, including data privacy laws, cloud migration, and the need for data sharing and analytics, says Ameesh Divatia, co-founder and CEO of Baffle.

As someone who spends their workdays – and more than a few work nights – talking to executives about their most pressing data security concerns, I found that regulatory compliance became the most popular topic of conversation in 2022. But compliance concerns are more than anecdotal in nature. In a recent report from EMA, 95% of respondents said compliance concerns have impacted security strategies. Further, 74% of respondents indicated that they have plans to increase their annual investments to address compliance issues.

While compliance is a hot topic, it’s certainly not new. If I were to pinpoint when compliance discussions occurred with growing frequency, I would say it was after the adoption of the EU’s GDPR in 2018 – the most aggressive and widest-reaching data privacy regulation to date. 

GDPR may have introduced the conversation, but the numerous data privacy laws that have followed (more on that later) have elevated it to ubiquity. What is notable to me is how the focus of these conversations has shifted from “What can you tell me about compliance?” to “What should we be doing to avoid fines?” 

Given the growing concern over data privacy compliance in the past year, I fully expect 2023 to be the year when compliance takes center stage as a top business priority across verticals. Let’s take a closer look at the factors that have led to this ‘perfect storm’ of regulatory awareness.

Data Privacy Laws Are Expanding

Since GDPR, countries outside of the EU have adopted similar legislation, and more countries are following suit. U.S.-based companies that operate on a global scale have had to quickly evaluate data security measures to maintain compliance with various international privacy regulations.

And U.S.-based companies limited to domestic business are paying attention, too. While there is no national data privacy referendum in the U.S., individual states are taking matters into their own hands to create a baseline for how organizations address privacy. Four states – Colorado, Connecticut, Utah and Virginia – will begin enforcing state data privacy legislation in 2023. And California, the first state to enact such a law in 2018, will commence enforcement of a more stringent version called the California Privacy Rights Act (CPRA) in 2023. Three other states – Michigan, Ohio and Pennsylvania – introduced privacy bills in 2022. A significant number of companies are already covered by at least one data privacy law, and those who aren’t certainly see the writing on the wall. Even in the absence of a national referendum, remaining competitive – especially on a global scale – requires a commitment to data privacy and protection standards.

Complying with Multiple Laws Is Inherently Complex

Sorting out the confusing nature of a single data privacy law is one thing, but navigating numerous laws is yet another. No two data privacy regulations are identical, so action plans for addressing them often vary from law to law. For example, the Utah Consumer Privacy Act (UCPA) is widely considered to be more favorable to businesses, while CPRA offers more consumer protection. Also, many laws have different definitions of sensitive data and how it should be protected.  

These are just two complicating variances, and there are many more across all state data privacy laws. The complexity deepens for companies that operate both stateside and abroad. Many business leaders have told me that trying to satisfy each law is akin to walking in the rain without getting wet. 

Cloud Migration Left Companies Vulnerable to Non-compliance

The pandemic and subsequent migration to the cloud had an unintended compliance-related consequence for many businesses: under-protected cloud data. As companies tried to facilitate an overnight transition from an office setting to a virtual workplace, many organizations prioritized speed over security and, subsequently, left data exposed – while potentially putting themselves out of compliance. Today, many organizations are still catching up to ensure their cloud processes are in line with the data privacy regulations they must comply with. In short, organizations are more motivated than ever to dedicate additional resources to enjoy the benefits of the cloud while maintaining continuous compliance.

Data Privacy Fines Are Grabbing Headlines

Sometimes a splashy news story can get your attention faster than the fine print of a legal document. In 2022, retailer Sephora incurred a $1.2 million fine for not complying with the California Consumer Protection Act (soon to be replaced by CPRA on Jan. 1, 2023). In 2021, Amazon was hit with the largest GDPR fine to date of $887 million, and WhatsApp suffered a $227 million penalty.

As state data privacy laws begin enforcement in 2023 – and the specter of fines becomes a reality – companies are going to be making a concerted effort to maintain compliance and avoid seeing their name in print for the wrong reasons.

How Companies Use and Share Data Has Changed

Maintaining data privacy compliance is a straightforward task if your data sits in an on-premises database throughout its lifecycle. But this is not 1995. Today, data analytics and data sharing are critical components of every business, and data is on the move to extract market-differentiating insight. However, data movement makes complying with data privacy laws inherently more challenging.

In the last year, clients and prospective clients have expressed well-founded concerns about the balancing act between data utilization and ensuring its protection. And the prospect of doing so is even more challenging when you consider that data analytics occurs in the cloud, which, as we discussed, carries its own set of vulnerabilities. 

With these five factors reaching a veritable apex, compliance must be a top priority next year. Companies that are proactive in their data privacy and security approaches will find themselves in an enviable position in 2023. And those that employ the processes and tools that go beyond compliance and address how data must be protected as current laws are modified and new ones are introduced will be even further ahead of competitors. Data privacy is not a fad or a passing fancy. It is here to stay, and now is the time to start addressing it as a top business priority.  
