The issue of data privacy has risen dramatically over the past few years, from a fringe concept to a major regulatory concern, particularly with the creation of GDPR. But what predictions do experts have for data privacy in 2020?

We heard from experts across the technology space about their predictions for 2020, from new regulations to emerging business practices shaping data privacy.

2020 data privacy predictions

The rest of the data privacy iceberg will begin to emerge

While regulations like Europe’s GDPR and the California Consumer Privacy Act (CCPA) have already been established, we will continue to see new regulatory developments surrounding data privacy through 2020 and beyond. Although these regulations have their inherent differences, the general scope of data privacy laws is to give consumers the right to know how and what type of personally identifiable information (PII) is collected, and the option to take legal action in the event that they should incur damages from bias or data security breaches.

Until now, most organisations have focused their efforts on structured information, but they must also be able to understand what PII is located in textual data documents. Archived data, in particular, is an especially pressing concern for most enterprises. AI-powered solutions will be instrumental in locating sensitive data and managing it through automated workflows.

Organisations will also need to establish internal data governance practices to determine who is accountable for data security and enterprise-wide policy, which may include creating teams that blend technical and regulatory expertise.

Zachary Jarvinen, head of technology strategy, AI and analytics, OpenText

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Data-as-a-Service will become a growing source of revenue for big companies

The effective use of enterprise data for strategic decision making has become a key priority for all big companies in the last few years. As a consequence, companies have created high quality datasets and a sophisticated technology architecture to manage them and expose them to consumers. Companies have also invested heavily in automating their business processes for greater efficiency.

In the new year, since many big companies will now own high-value, unique data and services, the next logical step is reusing this infrastructure in order to offer them to third-parties. For instance, we are already seeing telecommunications companies selling customers geolocation data for a variety of purposes.

This trend will be significantly accentuated during 2020 in all major industries. From the investment standpoint, this will involve higher demand for the technologies involved in creating and exposing data as a service, like GraphQL, Data Virtualization and/or API management tools.

Alberto Pan, chief technical officer, Denodo

The emergence of global data standards and data-centric roles

Data bloat is only one of the challenges facing organisations in 2020. The next most pressing will be data quality and efficiency of managing it. Not all companies take the same pains to optimise their data, resulting in repositories of unstructured data that are larger and less efficiently managed than they should be.

While standards such as GDPR have started to make a positive impact on helping companies prioritise data hygiene and protection, there is no single, global framework that tells businesses how they should store, manage, classify, protect and secure their data.

It’s easy to become accustomed to the status quo, but this divergence in data practices only slows down the flow of data between organisations and forces many to waste added time and resources on data cleansing and management. Data has become the lifeblood of many sectors – we can’t afford to let it clot. That’s why we’ll see the beginnings of a concerted movement across industries to bring in legally enforceable standards for data quality. Arguably synthetic data will commonly be used as a mechanism to share intelligence without compromising the source or the subject of the data.

A single, global data standard that crosses borders remains a pipedream, but we should expect to see many industries start to entrench good data practice for their members, regardless of their country of origin or location of their customers. The penalties for non-compliance may even include fines, the loss of industry accreditation or being banned from important associations. Of course, mileage and speed will vary from sector to sector – already heavily regulated industries like banking and healthcare will likely take the lead – but any progress means better data quality and fewer data dilemmas.

The question is, who in the organisation will be charged with enforcing these new data standards? Many businesses already employ chief data officers (CDOs) and data protection officers (DPOs) to ensure their digital estate is secure and protected. However, the sheer amount of data they are responsible for, coupled with the growing awareness of data’s importance across the entire business, means we are going to see data responsibility filter out rather than become more centralised.

Rather than having a single CDO or DPO, different departments will begin to employ personnel with multiple competencies, including data expertise. Candidates with data experience in addition to the skillset traditionally expected for their role will only become more sought after as organisations hire for new hybrid roles. Other departments may take the alternate approach of hiring their own data specialist. Regardless, the time when data responsibility was passed off to IT or laid solely at the feet of the CDO will come to an end.

Jasmit Sagoo, senior director, head of technology UK&I at Veritas Technologies

A flood of data privacy regulations

The cybersecurity Magic 8 Ball indicates that ‘all signs point to yes’ when asking whether more regulations would come in 2020. CCPA and NY SHIELD foreshadow 2020’s privacy and security trends. The United States Congress debated a federal privacy regulation in June 2019. Despite being derailed at the end of the year, businesses and congresspeople alike are pushing to create a single, cohesive federal law governing privacy and security.

The United States isn’t the only country looking to formalise and consolidate its privacy laws. The Saudi Arabian Monetary Authority (SAMA) cybersecurity framework in conjunction with the GDPR’s extraterritorial impact pressures other Middle Eastern countries to update their privacy regulations. For example, the Dubai International Financial Centre Authority (DIFCA) sent out a call for public commentary in June 2019. 5.

More than quantity – also quality. If the GDPR and CCPA taught the cyber community one lesson in 2019, it would be that not all laws are created equally. While the GDPR and CCPA are testing just how far a ‘local’ law can reach, India’s Personal Data Protection Bill and the failed New York Privacy Act test the standard of care companies need to provide.

Both of these regulations use the term ‘data fiduciary’. Traditionally used in terms of money, a fiduciary duty requires a company to act in someone else’s (often shareholders’) best interests. If regulations continue to use the term ‘data fiduciary’, organisations may be held to a higher standard of care than ‘negligence’. If regulations begin to adopt the term ‘data fiduciary’ in 2020, we predict a cultural shift recognising information as a financially valuable asset.

Alex Heid, chief research officer at SecurityScorecard

Consumer rights, data privacy regulation and more lawsuits

Customers are more aware now of the rights of GDPR and other data privacy regulations around the world. And as breaches hit the headlines every day, 2020 will be the year customers start to ask more questions and demand more control over where organisations are storing data and how they are protecting the data.

In 2020, companies will pay nearly $3bn in fines and payouts from lawsuits, a 50% increase over 2019. As a results, data discovery, classification and remediation by protection sensitive data through automated workflows will become important and be an extremely important initiative for enterprises.

Ashvin Kamaraju, CTO for cloud protection and licensing activity at Thales

Corporate transparency to become a necessity

2020 will require that companies make transparency a reality. Consumer demand for brands to be more open is clear. If they don’t pull back the curtain on their business, they will lose trust and ultimately loyalty.

Data transparency is the hottest topic, for sure. It’s not easy for businesses to do, but they will need to find ways to be more open about the data they collect, how they use it, and how it impacts decisions. They also need to show how they’re protecting it.

Beyond personal data, proving the provenance of products – from food to clothes – and demonstrating ethical and environmental credentials will all become more important. The reason more transparency will be really important in 2020 is because demand for it is growing, and the technology/tools are available, so we’re on the verge of someone being able to do it really well.

Once one brand is able to redefine customer relations in this way, they will set the standard of expectations, and everyone else is instantly behind. And if they lag behind for too long, they might find themselves on the list of companies that couldn’t survive in the digital era.

Emma Kendrew, intelligent engineering services lead for Accenture Technology

Read more: Data privacy is the biggest regulatory threat to Big Tech, says GlobalData

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up