2020: The Year of Compliance and Data Discovery

In 2019, we saw organizations demonstrate that a smart data management strategy can make a huge difference to their bottom line. As an organization collects more and more information, their data is becoming more valuable, and at the same time, more vulnerable.

In 2020, as we see increased concern around data security and compliance, organizations will need to take the necessary steps to ensure they are properly using and securing their data. With that in mind, here are four major reasons why compliance and data discovery will be major points of emphasis for organizations in 2020.

1. The Value of Data Continues to Grow, Driving Greater Demand for Privacy/Security

In today’s world, data is more valuable than gold, and it’s more than just CEOs and CMOs who are realizing this: malicious cybercriminals are, too. According to recent research, the first six months of 2019 saw more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records. That’s just half the year; 2019 is set to be a record-breaking year for data breaches. As we start a new decade, organizations will need to put more focus on discovering where all of their data lives, determining whether it’s sensitive and how to best secure it. New compliance standards like the California Consumer Privacy Act (CCPA) are creating an opportunity for organizations to develop good data management policies that allow them to better protect themselves from data breaches.

2. CCPA Will Be Under a Microscope

When GDPR rolled out, the fines were so high that many companies questioned if they would even be enforced. It wasn’t until this past year, when the Information Commissioner’s Office in the U.K. fined British Airways $230 million as a result of the 2018 data breach, that organizations realized these fines were taken very seriously. But the CCPA, set to become effective on January 1, will raise a new standard for consumer privacy rights at the U.S. state level. Falling in line with the privacy laws of Massachusetts, Vermont, Ohio and others, state and local governments will closely monitor the business impact privacy regulations like CCPA have on their local economies. They’ll want to understand whether or not organizations will continue to do business in the states with harsher privacy laws, or if they will look elsewhere to avoid costly fines. To combat this internally, CISOs and those whose role it is to handle security and compliance will look for tools and solutions to help them achieve compliance standards and regulations.

3. GDPR and Brexit: Continued Chaos

Simply put, in the short term, Brexit will have no impact on GDPR, as it will continue to apply to the U.K. once it leaves the EU. As it stands now, GDPR will be incorporated into U.K. domestic law as part of the European Union (Withdrawal) Agreement and will continue to function alongside the Data Protection Act of 2018. However, with the upcoming winter election in the U.K. and the opposing views on the Brexit agreement from the candidates, there are some lingering questions that still require answers.

Currently, the GDPR states that personal data can only be transferred out of the European Economic Area to countries with an adequate level of protection. What will the position be for EU companies needing to transfer personal data to the U.K.? And what about transfers of data from the U.K. to the U.S. post-Brexit? Will the U.K. have to negotiate its own arrangements with the U.S.? Will it attempt to piggyback on the Privacy Shield arrangements that the U.S. has with the EU?

Businesses will be looking to the U.K. government and the Information Commissioner to clarify such questions, because without the effective free flow of personal data, there will be a detrimental effect on the economy of the U.K. We can expect to see some answers to these questions in 2020. In the meantime, businesses will need to be on their toes and ready to adapt to new changes quickly, as the election and Brexit’s timeline is still in flux.

4. Need for Data Security Within Freemium Modeled Companies

As retail continues to move from brick and mortar to online only, we will see an increased focus on data privacy and security — not just in traditional retail, but throughout every business conducting e-commerce. We expect to see added data security pressure in two industries in particular: gaming and social networking.

Both industries run on a freemium model – one that we see continuing to gain momentum in 2020. In this model, customers are either paying for a product outright or the company is collecting personal data in exchange for a good or service. There are few compliance regulations for this model. As we move into 2020, companies with this freemium model will need to prioritize their security measures for the destruction and disposal of personal data and transactions. If they do not comply with consumer privacy and data regulations and security regulations to avoid fraud and cyberattack, they will see severe data threats.

As we enter a new decade and the value of data continues to increase, organizations must continue to take account of and ensure the security of their data. By failing to do so, they are setting a dangerous precedent that can have repercussions that far outlast the life of their business.