10 Steps for Tackling Data Privacy and Security Laws in 2020

By Anas Baig, Product Marketing Lead at SECURITI.


Data privacy is real, and it is here.

Organizations are already scrambling to get compliant with data privacy regulations such as the CCPA and GDPR.

According to the UN, 107 countries (of which 66 were developing or transition economies) have put in place legislation to secure the protection of data and privacy.

Apart from avoiding fines, there can be advantages associated with complying with data privacy laws.

According to a 2019 Cisco survey, “97% of companies realized benefits such as competitive advantage or investor appeal from their privacy investments”.

With all that being said, organizations need to have a definite plan to comply with these regulations.

To help you on this journey, here are ten steps that can help organizations tackle data privacy and security laws in 2020.

  Compliance is not a one-time thing but rather a slow and continuous effort.

Creating a well-built compliance and risk management program will take time, resources, and dedication.

This will also require support from organizational leadership, so keep senior management in the loop from the beginning, informing them of the costs of building a successful program and the costs of non-compliance.

  The IT department cannot resolve the challenge of keeping data secure and private on its own.

Technological protection is crucial, but it cannot replace healthy administrative and organizational controls.

Organizations should create teams comprising sales, finance, R&D, marketing, operations, legal, HR, and IT.

Altogether, the team should have deep institutional knowledge and a thorough awareness of data laws, and should apply both to the business, considering how data is used and the potential threats involved.

  Organizations need to keep a record of all their data privacy policies in writing.

Writing allows for consistency and can support discipline in case any rules are violated.

Privacy regulations could potentially hold the organization responsible for a data breach on a third-party vendor's end.

A recent Deloitte poll showed, “70% of respondents indicated a moderate to a high level of dependency on external entities such as third-party vendors”.

Organizations must assess their vendors before starting a business relationship with them to avoid fines.

  Under privacy regulations such as the CCPA and HIPAA, organizations are required to make their data privacy and security practices visible to the public.

Inaccurate statements that overstate security can lead to lawsuits alleging deceptive trade practices.

Organizations need to make sure that their policies are accurate and easily accessible.

Your legal team doesn't need to be full of lawyers, but it should preferably include people who have an awareness of legal mandates and a general sense of where the law is headed.

Participating in trade associations and similar forums can be helpful, as can subscribing to dedicated legal resources and blogs.

With the recent rise in phishing attacks, organizations should offer role-based training to all their employees.

The training should include general security awareness sessions that reduce data risk and help employees better understand and comply with company policies.

It is also important to teach your employees about the use of VPNs, antivirus, firewalls, and other security tools so they can limit their online exposure.

  To effectively implement the guidelines, your company will have to make changes and upgrade the system software.

Because such updates can take months, it would be wise to file IT change requests as early as possible.

Failure to update your systems could result in significant legal exposure related to the collection, disclosure, and erasure of personal information.

Regulations like the CCPA and GDPR have set in motion a realization that manual methods wouldn't be feasible anymore.

It would be virtually impossible to comply with current and future regulations without automation.

Robotic automation can help organizations comply with these regulations swiftly and efficiently.

  Organizations need to make sure that their data security safeguards are reasonable.

It may not be easy to define "reasonable", but this should be the guiding principle of your security program.

  In this digital era, organizations are shifting all their data to the cloud, and data privacy regulations are at an all-time high.

It is necessary for organizations to set up a plan that will help them towards compliance.

It may seem like a large expenditure, but organizations could be in for a lot more if they fail to comply with regulations such as the CCPA and GDPR.

Data privacy is a person's fundamental right, and companies need to work towards honoring their consumers' rights.

In order to do so, organizations need to follow the ten steps shared above to comply with privacy laws.

This is the start of a new digital era; the question is, are you prepared for what's about to come?

Bio: With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley-based company SECURITI.

He holds a degree in Computer Science from Iqra University and specializes in Information Security & Data Privacy.
