The number and complexity of regulations addressing data privacy continues to increase significantly. Companies offering cloud-based services must comply with these regulations or risk losing business due to customer trust issues and/or potential fines and other legal action. Compliance with regulations like the GDPR and CCPA requires companies to address a wide range of items, including privacy assessments, cookie consent, and data subject access requests.
The digitization of data has inevitably led to a myriad of data privacy laws that span the globe. These regulations all need to be considered when doing business in the respective countries/regions to which the rules apply. Below is just a sampling of data privacy regulations that have been introduced in recent years:
- The General Data Protection Regulation (GDPR), which took effect in 2018 across the European Economic Area (EEA)
- All 50 U.S. states now have data breach notification laws
- The California Consumer Privacy Act (CCPA) has been passed, and at least five (5) other U.S. state laws related to data security and data disposal, including in Washington State, New York and Rhode Island, are progressing through the legislative process
- The Brazil General Data Protection Law (LGPD)
- Canadian data breach notification, risk assessment and reporting requirements updates
- The Turkey Data Protection Law
Cloud-based services are in a unique position in that they may play a dual role when it comes to data privacy management. These services may determine how personal data is processed, and they also may perform the actual processing of that data. Cloud-based services may be both:
- Data Controllers – Determining the purposes and means of processing personal data and
- Data Processors – Processing personal data on behalf of a data controller.
This potential dual responsibility requires providers of cloud-based solutions to pay special attention to data privacy – both in terms of establishing trust among themselves, their customers and end users – as well as regulatory compliance with current and future data privacy laws.
Read the TrustArc Solutions Brief “Managing Privacy Compliance in the Cloud” to learn more about:
- Privacy compliance requirements for cloud companies.
- Establishing and maintaining trust as a cloud-based service.
- Guidance on how to achieve privacy compliance with regulations such as GDPR and CCPA.
- TrustArc solutions to help you achieve compliance and establish trust.
- And much more!
TrustArc offers a broad range of solutions to help companies build and manage a privacy program. The solutions include the TrustArc platform, consulting services and certification / validation programs that can be tailored to meet your business needs. To learn more, download “Managing Privacy Compliance in the Cloud.”