Earlier in the summer marked the first anniversary of GDPR, but also marked the largest privacy conference in history. The International Association of Privacy Professionals (IAPP) held its annual Global Privacy Summit (GPS) which was the largest in history. Nearly 4,000 privacy professionals gathered from all over the globe to focus on the monetization of personally identifiable information as a valuable data resource while balancing that with privacy protection for individuals. As the role of the Chief Privacy Officer is drastically expanding as it is dynamic, let’s review some key trends in consumer privacy as it relates to the data.

Privacy is an Opportunity for Relationship Building and the Customer Experience

Privacy notifications are often the first impression that consumers face when interacting with a company or brand. Rather than a necessary legal motivator, privacy notifications are often a company’s chance to make a first impression. Gone are the days of complex legal jargon presented to a customer as a formality, many companies are employing an approach to make these notifications easy to understand, in-line with consumer privacy expectations and integrated into the customer journey.

Move Beyond Privacy to a more Strategic Approach

Did you know that only 36% of global compliance executives say they are fully GDPR compliant? Individual countries are expanding their own set of privacy regulations that are often more stringent that the initial GDPR mandate. As a result, companies are expanding and integrating their compliance efforts into more areas of the business from development to marketing and everything in between. This continuous collaboration incorporating Privacy & Security by Design is essential.

Privacy Program Communication Changes

In both internal and external communication about privacy programs, companies must focus on the value the programs are bringing to both internal stakeholders and customers alike. This drives a culture and brand perception to develop quality 1st-party data and partnership strategies. Incorporating terms and phrases such as customer trust, growing revenue and ethics helps drive this strategy and growth.

The Dynamic Role of Privacy Professionals

Privacy professionals including that of the Data Protection Officer (DPO) are becoming more integral and integrated into the businesses. Traditionally, yielding from a legal background, businesses are finding very valuable privacy professionals from a variety of backgrounds including technology and business. The DPO must align and work closely with another emerging role, the Chief Data Officer (CDO), and sometimes are responsible for data governance and monetization. This partnership will continue to evolve to shape emerging data and privacy ethics goals. Additionally, these roles must align themselves with a more traditional role, the Chief Information Security Officer (CISO). It is important for the emerging roles to clearly create roles, responsibilities and accountability within the organization while acting as a unit to meet company-wide objectives.

Privacy Regulation is Still Evolving and Important

More than a year after GDPR went into effect, many companies are still attuned but are wondering what’s next. Specifically, in the US, there is the California Consumer Privacy Act (CCPA) showing signs that California will signal more states to pass privacy regulation at the state level, and many people wonder if a federal-level privacy law will eventually surface. However, businesses should be prepared to navigate the nuances of state privacy mandates.

Additionally, we have already seen the first GDPR fines, and we expect more to come. Fairness, transparency, and content protocols are at the top of mind of regulating bodies. Business should continue to focus and evolve their compliance roadmaps as consumers are more aware of their rights.

With GDC’s Data as a Service model, all data is stored and maintained in compliance with the country’s data protection regulations. The sources are independent reference data sets that are qualified for identity verification use cases, and they are reliably updated and maintained by GDC’s data partners, accessible through a single API.