TrustArc Blog

The Path of Privacy – 2019 Privacy Predictions by TrustArc CEO Chris Babel

December 28, 2018

Privacy was ubiquitous in 2018. The General Data Protection Regulation (GDPR) deadline on May 25, 2018 came and went as companies scrambled to meet and maintain compliance under the new regulation.  Data protection had a strong presence in the media as large companies’ handling of user data was widely discussed and reviewed.  New privacy regulations were introduced – such as the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD) – meaning more and more companies will fall under the scope of at least one enforceable privacy regulation. So what’s in store for privacy in 2019? TrustArc CEO Chris Babel breaks down next year’s predictions for the path of privacy.

1) Managing privacy will be the new normal, like securing data or paying taxes  

Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.

Automating aspects of this continuous process using Assessment Manager will save your company time. Assessment Manager is built on powerful technology that identifies where and why your practices don’t align with regulations, and defines the path to remediation. The workflow tools and Intelligence Engine detect the need for, and then streamline assessments.

2) Ethics will become increasingly important to data-driven innovation

Once a focus only in health care, research, and highly regulated organizations, GDPR and similar laws are driving businesses across sectors to consider ethics by showing that the benefits they claim that new tech and other innovations will bring do not outweigh the potential for data misuse and other risks.  While companies may start with a check-the-box compliance exercise, in 2019 the more innovative players will look to differentiate themselves from their competition by setting up ethical review committees, ethics teams and data ethics officers to formally consider the implications of algorithms and machine learning on customer trust and business outcomes.

Determining whether processing is ethical can be done at scale by automating manual processes. TrustArc offers the expertise and technology to complete these assessments, build a sustainable DPIA & PIA program if needed, automate the process using the TrustArc Platform, and produce reporting needed to show accountability on demand.

3) Consumers will exercise their right to privacy

In 2019, consumers will become more aware of and better understand the rights and mechanisms that regulations like the GDPR have made available to them to manage and protect their data. As a result, we will see consumers become more engaged and active in controlling their privacy settings, sharing less information, unsubscribing from marketing communications and requesting copies of their data or that companies delete their data entirely from marketing databases.

Individual Rights Manager helps with the requirements of the GDPR and CCPA, which require that organizations provide data subjects and individuals with a variety of rights, including: right of access by the data subject; rectification or erasure; restriction of processing; data portability.

4) To be or not to be – 2019 privacy laws at a glance

A U.S. federal privacy law will be much discussed but not passed. The trade deal replacing NAFTA – USMCA – will drive new discussions around cross-border data sharing between the U.S., Canada and Mexico. A handful more states in the U.S. will seek to adopt state privacy laws such as the California Consumer Privacy Act, and 2-3 states will pass one. The EU will agree upon and issue standards for GDPR certification, creating another rush to comply with the standard. The multitude of country-specific privacy laws in Asia will continue to increase and splinter across the region.

While we await the GDPR certification standards, your company can benchmark and report its compliance practices with GDPR Validation. The GDPR Validation enables companies to demonstrate their GDPR compliance efforts and status, using intelligent technology-powered assessments, TrustArc managed services and an independent TRUSTe GDPR compliance validation.

5) GDPR enforcement could slow sales and close down businesses

Most people associate GDPR enforcement with heavy fines levied against organizations. However, enforcement can be much worse than onerous financial penalties. An advertiser was recently forced to cease operations in an entire European market as a result of a GDPR violation. In 2019, we will continue to observe that failure to comply with privacy regulations will have devastating impact on a company’s operations as much as its checkbook. Companies that don’t meet GDPR and other privacy and security requirements will lose business to competitors who do.

Companies can keep consumer trust with the Cloud Privacy Compliance Package, which streamlines the compliance process enabling companies to more easily develop a plan, implement controls, and demonstrate ongoing compliance with GDPR.

6) Privacy regulations will drive innovation and differentiation

Privacy regulations, as the new realities of the world, will force companies to reexamine their approaches to developing innovative and differentiated products and services. As an example, regulations like GDPR are forcing marketers and advertisers to reevaluate how they use customer data. The organizations that embed compliance into their entire product development processes – aka privacy by design – will be able to clearly differentiate against their competitors by offering compelling value to their customers.

Our team of privacy experts, our consultants, can help your teams ensure that your programs incorporate privacy by design principles, among other best privacy practices.

7) Privacy technologies available at any price point

As more privacy regulations are adopted, both GDPR and local laws, we will see a rapid expansion of the number of privacy technology vendors in the market. With the increased sophistication of privacy technologies, a small company located anywhere globally will now have access to solutions at a price point that fits them and makes it worth their while to comply with a law such as the California Consumer Privacy Act to reach even more customers.

The TrustArc Privacy Platform offers a range of modules to help manage privacy for the GDPR, CCPA and other privacy laws. You select the modules you need and can add more at any time.

8) The CCPA is the second chance for the CPO and DPO to become strategic company executives

There is significant overlap between the California Consumer Privacy Act (CCPA), which applies to any company conducting business in California, and GDPR. Companies that took the important steps to comply with GDPR are already ahead of the game, and will have a relatively clear path to meet the requirements of CCPA, while the companies that did not, will be under the gun to comply by the July 2, 2020 deadline. This is a second chance for Chief Privacy Officers (CPO) and Data Protection Officers (DPO) at companies that missed the opportunity with GDPR to position data privacy as a strategic function within the organization.

Build a sustainable plan, implement controls, and manage ongoing compliance with the TrustArc CCPA Platform and Consulting Services.

One thing is certain – privacy regulations, enforcements, and fines will continue to exist and expand in 2019 and beyond. Above all else, implementing and maintaining a strong privacy program will put companies in a good position to handle the requirements of current and upcoming privacy regulations. From all of the privacy experts at TrustArc, we wish you a happy and a compliant new year!


TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions that address the GDPR, CCPA and other global privacy regulations. The TrustArc Privacy Platform, which powers all TrustArc solutions, includes modules for managing data maps, risk assessments, cookie consent, individual rights, and ongoing compliance reporting. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust.