As seen on Forbes.

As consumers and businesses alike become increasingly concerned with how their information is being used, data privacy regulations are coming online both overseas and in the U.S. However, there is currently no single, universal law that dictates data protection, so tech leaders have to take extra care to stay “in the know.”

The members of Forbes Technology Council understand the importance of keeping up with ever-changing data privacy regulations. Below, they share 16 tips for tech leaders looking to maintain compliance with growing and changing data privacy laws.

1. View privacy regulations as an opportunity.

Don’t see privacy regulation as a limitation. It’s an opportunity. Think seat belts or the Clean Air Act: Companies that adapted early were well ahead of the game. Tech leaders who look for creative solutions now—such as providerless tech in the fraud prevention industry—can make regulations many companies fear into a real boost for their tech infrastructure and their customer experience. – Itay Levy, Identiq

2. Make data privacy a core value.

In the wake of the EU’s strict General Data Protection Regulation, more and more data privacy regulations are being introduced around the world. The best way to stay compliant is by taking a holistic approach and institutionalizing data privacy as a core value in your organization. Be transparent, practice privacy by design and privacy by default, use data minimization, and avoid transferring data outside the EU. – Robert E.G. Beens,

3. Consult compliance and legal experts.

Consult compliance experts and legal departments regularly to keep abreast of changes and ensure that your policies, procedures and controls are updated. The acceleration of data privacy laws is forcing a mindset shift for organizations toward considering data privacy in terms of current and future processes. Pay attention to reporting requirements; permitted notification windows can be exceedingly short! – Cody Cornell, Swimlane

4. Integrate customer data.

Double down on customer data integration efforts. You’ve been trying to master siloed data to build a complete 360-degree view so that you can add new customers and build relationships with them. Now you need to know where all that customer data resides when they decide to change these relationships with you. It’s the same data problem but with a very different level of rigor necessary to avoid issues. – Mark Marinelli, Tamr

5. Only collect the data you really need.

The primary aspect is to understand the real need for the data. There are so many companies capturing all kinds of data without knowing if they really need it or will use it. I would recommend not going after big data. Rather, go after smart data—data that is really needed for the organization. After data collection, secure it and be careful in sharing it with others. – Asokan Ashok, UnfoldLabs Inc.

6. Set up automated systems to monitor new policy releases.

Tie your inner policies to all the regulations. The quantity of the new policies rises so fast that it might be really hard to keep track of them. But you can easily keep track of your own policies. Keep some AI or ML tools that will update you on the need to change your policies and you will automatically learn when a new security standard arises. – Daria Leshchenko, SupportYourApp Inc.

7. Take the initiative and adapt quickly.

Pay attention to regulation changes and adapt accordingly. Speed is crucial in the tech sector. Dealing with new regulations can be tough, but those who don’t keep up are only sabotaging themselves. If you take the initiative and adapt quickly, customers will see that you care. At a time when reputations can crumble overnight due to a data breach, establishing trust is priceless. – Marc Fischer, Dogtown Media LLC

8. Hire a privacy officer.

Organizations should create a strong privacy foundation, hire a privacy officer and have a well-thought-out policy to stay ahead of the game. You should make data privacy a core value so that it is easier to react to changing regulations because infrastructure, personnel and awareness are already in place. A key message to imbibe is “Data privacy is everyone’s responsibility.” – Shashank Garg, Infocepts

9. Consider adopting a privacy framework.

Many organizations are already using security frameworks as the foundation for their IT security program. For example, the NIST Privacy Framework is agnostic to specific regulations and can provide the basis and controls to make it easier to adapt to future changes in the regulatory landscape. – Ilia Sotnikov, Netwrix

10. Subscribe to relevant publications.

It’s essential to have a dedicated person or team who can follow the legal changes. And since most tech companies are unique either because of their products, industry or location, you’d be wise to subscribe to relevant blogs, publications and legal trade journals for your business category or industry. They’ll have the latest information that you can use to develop future product strategies. – Thomas Griffin, OptinMonster

11. Audit and update your data processes.

Businesses have become natural hoarders of data. But we all know data protection and privacy is not going away any time soon, so business leaders should use this as an opportunity to thoroughly audit, cleanse and update their data stores, policies and procedures. Throw out data that isn’t benefiting you and tighten up the rest. Getting on top of data management ahead of regulation is key. – Sam Amrani, Olvin

12. Map out your data supply chain.

Technology leaders need to focus on mapping their data supply chains—including gaining and maintaining an understanding of data sources, use restrictions and other constraints—to appropriately manage privacy and security regulations and best practices. Basic efforts to inventory data sets and to understand how data is transformed and combined are paramount to success. – Jason Crabtree, QOMPLX, Inc.

13. Know where your data resides.

Think about where your data resides and which jurisdictions it could be subject to. If you’re operating a mission-critical application in a specific country, it may be beneficial to run your workloads on regional cloud infrastructure to simplify the number of jurisdictions where privacy regulations apply to your data. – Maddison Long, CloudOps

14. Develop documented, accessible audit trails.

Data privacy policies change by region or country relatively rapidly. At a minimum, have a governance policy in place and make sure all of your systems have well-documented and understandable audit trails available to all stakeholders. This rule documentation will help with faster adherence to new policies. – Ryan Peeler, Voxx Analytics

15. Increase your visibility and understanding.

Data privacy and data protection regulations continue to evolve. Increasing visibility and understanding across complex digital landscapes allows organizations to support countless value-added use cases while also meeting compliance requirements. Both compliance and insight improve significantly by simply being able to intelligently search for and pinpoint the right information. – Alexandre Bilger, Sinequa

16. Strive for clarity in your user experience.

Consumer privacy acts, both in the U.S. (California Consumer Privacy Act) and overseas (GDPR), now mandate how data is collected, stored and used. Though they vary in the specifics, the penalties for lack of transparency are universally punitive, whether the purpose was intentional or not. Strive for clarity on the front end of your UX and you’ll have fewer concerns about falling out of compliance on the back end. – Meghann Chilcott, XIL Consulting