Why Large Corporations are Taking a Globally Compliant Approach to Data Privacy
The number of high-profile corporations committing to a global approach to data protection and privacy compliance is staggering. It might be easier to find one that isn’t.
A partial list includes Airbnb, Adobe, Amazon, American Express, Apple, AT&T, Boeing, Chevron, Citibank, Cisco, Coca-Cola, Dell Technologies, Dropbox, eBay, ExxonMobil, Ford, General Motors, Goldman Sachs, Alphabet, HP Inc., IBM, Intel, Johnson & Johnson, JP Morgan Chase, LinkedIn, Mastercard, Meta, Microsoft, Netflix, Oracle, PayPal, PepsiCo, Pinterest, Procter & Gamble, Qualcomm, Red Hat, Salesforce, Snap Inc., Spotify, Stripe, Tesla, X, Uber, Verizon, Visa, Walmart, and Zoom.
So, with this many organizations voluntarily deciding to comply with regulations that are more stringent than those in their own country or state, it is important to ask why.
1. New Borderless Regulations
New state and international data protection regulations are borderless, meaning they apply to any organization doing business with the citizens of those jurisdictions regardless of where the organization is located and regardless of where those citizens might travel. While international enforcement of this approach is impractical, it dramatically impacts organizations that process payments from around the world or retain or move data internationally.
2. Anticipation of the Inevitable
Since the enactment of the EU General Data Protection Regulation in 2016, countries and US states have continually been enacting similar laws. By complying with the more advanced regulations, these corporations are simply getting ahead of inevitable future changes. Data protection regulations are constantly changing and jurisdictions with less advanced regulations will inevitably take their lead from the more advanced ones.
3. Best Practices
More advanced regulations represent best practices. Corporations might be able to get by with lower standards, but they aspire to do what is best for them and their customers.
4. Public Perceptions
Data protection and privacy now have a high level of public awareness and sensitivity. Major corporations always seek to be viewed in a favorable light by their customers and stakeholders.
5. ESG Commitments
Compliance with data protection and privacy regulations fits squarely under the Governance profile of a corporation. No company can truthfully tout its dedication to ESG without aspiring to global compliance.
It’s about Leadership
While leaning into higher compliance requirements is to be commended, it is also good business. It allows data controllers to better fulfill their stakeholder obligations and data processors to become true compliance partners with the controllers they serve.
One thing is clear, defaulting to a globally compliant data protection and privacy standard has grown beyond a trend and is now a rightful expectation.
Related:
A New Value-add for Data Protection Service Providers
© 2024 Privata Vox, LLC - All Rights Reserved
About Author
Bob Johnson, CSDS, CIPP/US, CIPP/E, is the Principal Advocate at Privata Vox, LLC. Read more about his long career in privacy and data protection policy development.
Scan OR Click QR Code below to automatically add to contacts