GDPR and data privacy in 2020 – Staying on the ball

in Regulatory/Compliance, 29.01.2020

More than three years on from publication of the official GDPR text, we might have expected what was once the hottest topic in town to have simmered down somewhat. But au contraire… Here we are in 2020 and the subject of data protection has never been more relevant.

2019 was all about GDPR compliance projects, seeking clarification on the various challenges posed by the least specific requirements of the regulation, and implementing pragmatic solutions to justify a sufficient level of compliance and respect for data subjects’ rights.

In Europe

Within the EU, some regulators (Luxembourg’s CNPD and France’s CNIL, for instance) have launched campaigns to inspect the implementation of various aspects of the regulation – data protection governance, the implementation of the DPO role in companies, respect for the rights of individuals and the processing of children’s personal data. For companies deemed to have reached a sufficient level of compliance, an expert third-party assessment is recommended. Why? For comfort purposes and to better prepare for a potential inspection by the regulator.

GDPR across the globe

The EU’s GDPR initiative has had a knock-on effect on several other countries or states (re)introducing legal texts that enforce and improve their residents’ personal data protection – most notably the CCPA (California Consumer Privacy Act), which entered into force on 1 January 2020, bringing its fair share of requirements, and, needless to say, uncertainties.

Like the state of California, several other key economic players are moving towards a personal data protection framework:

  • US – Washington (state) & Florida
  • Latin America – Brazil
  • Asia – Hong Kong & India

For companies operating internationally (particularly in regions where privacy is being revamped), addressing privacy matters means much more than just focusing on GDPR requirements. Of course, remaining compliant with the GDPR is an ongoing exercise, but it’s now more critical than ever for those companies to establish an effective legal watch. Why? So they can detect legal changes early on, decipher any complexities, identify potential conflicts with EU regulation(s) and, as a result, react in time to avoid privacy risks or other potential setbacks.

KPMG – In the know

Our team of experts is always up to speed on changes in the global privacy ecosystem and ready to help you on your GDPR journey. Want to know more? Get in touch!