According to Ryan Meade, Director of Regulatory and Compliance Studies at Loyola University Chicago School of Law, there are three particularly interesting developments to watch closely.
1. Rollout of the EU’s General Data Protection Regulation (GDPR)
The European Union Parliament approved these regulations in April 2016, calling the GDPR “the most important change in data privacy regulation in 20 years.”
While designed to align data privacy laws across Europe, the GDPR will have global reach: controversial provisions “travel” with EU residents when they are outside the EU.
The GDPR also puts into legislation “the right to be forgotten,” which requires organizations to establish complex opt-out mechanisms. No one really knows whether this can be accomplished.
The potential penalties for non-compliance with the GDPR, which goes into effect May 25, 2018, are serious—particularly for companies with assets inside the EU.
2. Don’t Overlook China’s Cybersecurity Law
Many organizations have been so busy bringing their compliance programs up to speed with the GDPR that they completely missed China’s Cybersecurity Law, which became effective in July of 2017.
“China’s law, in many ways, is more onerous than the GDPR and severely restricts movement of certain information outside of the country,” says Meade. “The law poses many unknowns on what the obligations are for firms that create or transfer sensitive information into China and whether the data can be transferred out and under what conditions.”
3. Sweat the Small Stuff
The ever-increasing sophistication of hacking methods often consumes our attention. While data professionals are distracted by the new bells and whistles, many security breaches still happen the old-fashioned way.
“All organizations are scrambling to secure personal and sensitive information to make sure that vulnerabilities are managed,” says Meade. “While companies are in a never-ending race to out-tech hackers, it seems that firms are continually tripped up by simple privacy breach errors, such as lost laptops or unencrypted flash drives left in coffee shops.”
Meade says the key to preparing for compliance changes is to recognize that laws, regulations, and risks are never static. Compliance professionals must keep up with not only the changes in laws and regulations, but also governments’ auditing and enforcement methods.
The key to keeping compliance programs current is continual education and training—as well as using the latest techniques for auditing and monitoring. Compliance does not stand still, and neither should compliance professionals.
Loyola’s Center for Compliance Studies equips professionals in compliance and business law, with a focus on practical skills to develop and maintain regulatory compliance programs. The center stays ahead of the evolving privacy landscape, offering new courses that explore the international dimension of privacy compliance and practical hands-on training in dealing with privacy breaches. Learn more about Loyola’s Online MJ, Online or In-Person LLM, and Certificate programs.
Copyright © 2018, Chicago Tribune