Data Privacy Primacy

October 2019

Just over one year after the General Data Protection Regulation (GDPR), and the looming 2020 deadline for the California Consumer Privacy Act (CCPA), data privacy remains a key concern for boards. In fact, a plurality of board members (46%) say they are briefed at least quarterly on data governance. Only five percent of boards are not briefed at all.
 
Companies that operate in the EU or in California must now consider significant new rules around how consumer data can be collected, used, sold and shared. The new laws have overhauled how data is treated by companies across all industries, and they are only the beginning. In September, 51 major tech companies joined a growing chorus of stakeholders who are calling for a national data privacy law in order to provide a consistent and proactive framework for handling the issue, rather than taking a state-by-state or case-by-case approach.
 
In the meantime, companies are moving forward with a broad response to current regulations. Almost half (47%) have implemented or updated internal privacy policies, and 43% have increased data privacy resources and budgeting. Just 13% have hired a Data Protection Officer, though creation of these types of corporate roles may be growing in popularity. In September, Walmart created a Chief Counsel of Digital Citizenship role responsible for advising on privacy and security.
 
Chart of response to GDPR, CCPA and Emerging Data Privacy Regulations
 
“The new standard in data governance is not just privacy, it’s ethics. Boards should ensure not only that companies are prepared to comply with current and developing data privacy regulations, but that they are also implementing a holistic data ethics program with a framework that guides data ownership, transparency, consent, privacy and financial value.”

Professional headshot of Karen SchulerKAREN SCHULER
BDO USA’s Governance, Risk and Compliance National Leader