The rapid rise in data collection has been easy to ignore for many people. As long as our apps run smoothly and our packages show up on time, we don’t give much thought to what goes into making that possible.
That blissful ignorance has been chipped away in recent years with increased data breaches, scandals, and exposures of bad business practices. As a result, consumers are becoming more aware of how their data is collected, used, shared, sold, and often, mishandled.
Likewise, governments are doing what they can to protect users’ data, give them more control, and hold businesses accountable.
The burden is now on businesses to cultivate a culture of transparency and respect for their consumers’ data.
For this article, we asked several data privacy experts a few questions about the rise of data collection, its impact on the world and regulations, and how businesses and governments should behave going forward.
Who we spoke with:
 Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US |
 Petruta Pirvan, CIPM, CIPP/E, CIPP/US |
 Cristina Costache, CIPP/E, CIPM, CIPT, FIP |
 Derek A. Lackey, CIPM |
 Tim Clements |
 Jeff Jockisch, CIPP/US |
The Rise of Big Data
The last decade has brought about an unprecedented increase in data collection, usage, selling, and more.
As of April 2022, there were five billion internet users worldwide, a staggering 63% of the world’s population. But data collection does not only come from users logging into a website here and there.
With the rise of “smart” everything, businesses have never had such a treasure trove of user information. These days, data gets collected in everything we do for as long as we remain connected to the Internet.
About 29 billion connected devices have been forecast for 2022, with the Internet of Things (IoT) — everyday objects connected to the Internet — accounting for about 18 billion. This number is projected to be 38.6 billion worldwide by 2025.
Our connection to these devices results in 2.5 quintillion bytes of data generated daily, with our actions constantly recorded, analyzed, and monetized.
The Gilded Age of Data Collection
For a while, businesses had free rein with user data. They could collect data and use it as they pleased with little oversight.
Everything was new and shiny, and the only thing consumers knew was that their lives were being made easier. Data was a word used by tech professionals; it was hardly on any average person’s mind.
As technology grew and we became more connected, companies began to realize the importance of understanding the customer and creating personalized experiences.
So they began to horde data — unfettered and with or without the consent of users.
For example, they began to view customers’ actions, such as clicking a link, downloading a coupon, or making an online purchase, as indicators of future sales success. Marketers could now see how many people clicked on their ads, how much time they spent looking at their products, where they had been before, and whether they returned.
Data was good for business, and it was here to stay.
Big Data Takes Off
As the number of data points companies could collect about a single customer multiplied, marketers began referring to this massive data set as “Big Data” — which can be analyzed to reveal patterns, trends, and associations.
As expected, this led to the creation of numerous companies to help businesses collect and analyze data and build models to predict future behavior. Eventually, these companies began to incorporate machine learning algorithms into the process, creating substantial predictive graphs that marketers use to determine customer behavior and personalize marketing in ways that had not been possible before.
Another significant contributor to big data was the introduction of smart technologies in physical products, which have enabled companies to collect entirely new types of information, such as location and user behavior. The personalization this has enabled is now a central part of the product experience.
But with big data also came big costs. While rich new data streams have made it possible to address all sorts of modern challenges, they also present enormous opportunities for misuse and bad actors.
Increase In Attacks on Data
The exponential growth of data has led to a significant increase in negative consequences for internet users. In fact, a recent University of Maryland study revealed that, on average, there is a hacking attack on computers connected to the Internet every 39 seconds.
For example, European online contact lens supplier Vision Direct revealed a data breach in which cyber criminals accessed the full credit card details of some 6,600 customers. Within five days, a hacker had access to card numbers, expiration dates, and CVV numbers!
Vision Direct claims to have taken numerous measures to ensure this does not happen again. But that’s just one example of many data breaches that have occurred in recent years.
This increase in attacks shows how vulnerable the data we share is and has caused many consumers to end their relationships with companies over data.
We asked the experts:
What is the biggest impact that the rise of data collection and usage has had on our modern world?
Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US
That, aside from governments and public institutions, a handful tech companies determine the purposes, means of global data processing, and defend their oligopolistic hegemony by any means.
Petruta Pirvan, CIPM, CIPP/E, CIPP/US
The biggest impact is the lack of control over personal data and private affairs. We live in a digital culture, the era of mass measurement. Then the culture of mass collecting is altering the quality of the data. It does not even matter anymore if the data we collect is useful or not. Data stocks are made just in case.
This vision over the data spins on its head the classical concept of data protection and privacy. In this context, how can we make sure that the individual retains the lordship of oneself (“la seigneurie de soi-meme” in French), as Goethe beautifully said referring to the willful man.
Derek A. Lackey, CIPM
I have to say the Cambridge Analytica/Facebook scandal ‘wave II’. . . . . This [scandal] woke some of the public up regarding their own personal information and what could be done with it. Until then we just saw data as a trickle here a sprinkle there, not realizing what smart computer programmers and characters like Aleksandr Kogan could do if they gathered that all together and used it to manipulate the individuals involved!
This story simmered and came to a very slow boil over 4 years until Christopher Wylie blew the whistle and intimately described how the scheme worked.
Cristina Costache, CIPP/E, CIPM, CIPT, FIP
From a privacy perspective it becomes immensely complicated and more important each day. The more technologically advanced we become, the more data we release into the ether, the more it can be used to harm us or others.
The rise of big data can bring both benefits and harms. It is our task as privacy professionals to clearly differentiate and assess whether the benefits are justified for accepting the risks of the possible harms and construct and implement controls in order to reduce as much as possible the possible harms.
Jeff Jockisch, CIPP/US
The biggest impact data collection has had on our modern world is to flip our concerns about Big Brother to Big Tech. Our greatest Science Fiction writers didn’t imagine the rise of surveillance capitalism.
Governments are trying to fix our privacy problems, our data breach problems, our identity problems. But they generally exempt themselves from the regulations they promulgate, in part because too much privacy makes it harder for them to govern, to run polical campaigns, to keep law enforcement happy with surveillance powers.
Yet the privacy laws on the books today haven’t changed data collection significantly. Data brokers are running rampant. Big Tech hasn’t changed much. The ad tech machine is humming right alone. And venture capital continues to fund businesses based on privacy-invasive business models.
The Rise of Data Privacy
As time went on and technology became ubiquitous, people — and governments — became more aware of the risks that came with the conveniences brought on by big data. This awareness led to a demand for more data protections and businesses to be held more accountable for the way they handle user data.
Currently, data privacy statistics show that 75% of Americans believe there should be more regulation to protect their privacy.
While privacy concerns and attempts to regulate them have been around for a long time, it is only with the rise of Internet technology that governments have had to innovate complex legislation to protect their citizens’ data and privacy rights.
We asked the experts:
What sparked the rise in data privacy regulation worldwide?
Tim Clements
In recent years, there has been an enormous increase in new data protection and privacy laws and regulations, and changes to existing. Although many point to the GDPR as being the trigger, we must not forget that Convention 108 is the only international legally binding agreement on data protection law. Convention 108 was first opened for signature on 28 January 1981 by the Council of Europe, an entirely separate body to the EU.
Data protection and privacy laws around the world can be traced back to different origins. In Europe we need to go back to the 1930s in Germany to understand their origin which coupled with the advent of automated processing technologies and revelations of global surveillance, triggered the first data protection laws in Europe in the early 1970s.
In the US, in the late 60s/early 70s, concerns around ‘eavesdropping’ and surveillance enabled by technology, along with the vast volumes of citizen data processed by government and private companies, brought concerns that eventually lead to privacy laws being passed in the early 70s.
In the past 50 years, we’ve seen technology become a critical aspect of many people’s lives, directly and indirectly resulting in outcomes that are often not always favourable to the individual. We now see processing technology in people’s pockets, on their wrists, embedded in their bodies and surveillance as a given in many societies.
Law-makers constantly play catch-up but with new technologies emerging at a rapid pace, and companies eager to adopt them to drive growth, drive down inefficiencies and so on, there remains a constant gap.
Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (‘Convention 108’) by the Council of Europe as the first legally binding international instrument in the area of data protection – enacted in 1981. It inspired many important current international privacy regulations like the GDPR.
Petruta Pirvan, CIPM, CIPP/E, CIPP/US
In the aftermath of World War 2 which left Europe in ruins a former idea of the US President Woodrow Wilson, that of a world body to guarantee peace has been picked up and the United Nations has been created. The Charter of the United Nations claims in its Article 12 that an invasion of privacy is a human rights violation. At the same time, in 1960s West Germany, there was much reflection on the Gestapo’s privacy abuses during WW2, and the Stasi’s privacy abuses being carried out at the time in East Germany.
The German state of Hesse was the first to include privacy protection in its constitution in 1970. It was followed by Sweden in 1976 and France in 1978. At the E.U. level we experienced consistency in law through the Community Directive in 1995 which came just in time to tame the biggest invention of 1990s – the World Wide Web and the emergence of the digital commerce. The digital commerce sparked the era of globalization and privacy has become a global issue. Meanwhile, the Directive from 1995 has been replaced by the GDPR and countries around the world confronted themselves with the dilemma of protecting people’s personal data. The GDPR has become the golden standard emulated by many jurisdictions outside E.U.
Derek A. Lackey, CIPM
Without questions it was the EU turning the General Data Protection Directive into the General Data Protection Regulation. The enforcement structure was an important part. It was clear that businesses were doing what technology allowed them to do, not stopping to think “should we”. In this world of quarterly shareholder reports and skyrocketing Executive compensation, and the thirst for even more profits even at the cost of Ethics, the business community could not be trusted to self-regulate. Something had to give. I believe history will show that the strong enforcement of the GDPR was the turning point of the data protection world.
Cristina Costache, CIPP/E, CIPM, CIPT, FIP
Some call it the Brussels effect. I think the GDPR was the thing that sparked this rise in the privacy regulations, enforcement and public awareness around the protection and value of their data. Of course, the misuse of personal data and the harms that such misuse can produce is also a factor. We all know about Cambridge Analytica, and other such cases in which data has been used to target and influence. With each such case awareness rises, citizens take action (strongly recommend to read about Stop LAPD Spaying Coalition at https://stoplapdspying.org/) and governments strive to produce legislation that might prevent such events happening in the future.
The GDPR and Other Strict Data Privacy Laws
As awareness of data malpractice grew, governments realized they needed to step in and protect their citizens. The EU led the charge with what became the most comprehensive and emulated data privacy law to date: the GDPR.
The GDPR is the strictest data privacy and security law in the world and applies to any processing of personal data where the processor or data subject is based in the EU or where the processing physically takes place in an EU country.
Under the GDPR, consumers must give consent for their data to be collected, which means companies can no longer hide their data collection practices or make them difficult to comprehend; they must be easily understood by all consumers.
The GDPR also requires companies to give their users the right to access their data, the right to take that data and use it elsewhere, and the right of consumers to request that their personal data be completely deleted from their records.
Worldwide impact
The GDPR doesn’t just apply to EU-based companies; the EU has promised to impose penalties if a brand violates the GDPR when handling EU citizens’ data, regardless of its location.
Since its entry into force, the GDPR has had a domino effect, and many other countries have used it as a model to shape their own data protection rules. As of now, 69% of the world’s countries have data protection and privacy legislation, and another 10% have draft legislation.
In the US, California was the first state to pass comprehensive data privacy legislation. The California Consumer Privacy Act (CCPA) went into effect in 2020, and the California Privacy Rights Act (CPRA) will enter into force at the beginning of 2023.
Other countries with strict data privacy laws are Canada, Brazil, Australia, Chile, Nigeria, and Iceland — with the number of countries growing every year.
Iceland has, in fact, been called the “Switzerland of data” for its strict data protection laws. The Data Protection Act (2000) states that data may be collected only for specific purposes and only with the clear and informed consent of the data subject. Failure to comply may result in fines or up to 3 years imprisonment.
Between January 2021 and January 2022, nearly €1.1 billion in fines were imposed for violations of the GDPR – an annual increase of 594%. Robust data protection policies and practices help companies avoid such costly lawsuits, so many are updating their privacy policies to comply with data protection laws and gain back the trust of their customers and show them exactly how their data is being used.
We asked the experts:
Are governments doing enough to protect the public’s data?
Petruta Pirvan, CIPM, CIPP/E, CIPP/US
No, otherwise, actions taken by activists such as Johnny Ryan or noyb would not be necessary. Just few months ago the famous Wired magazine advance an article entitled How GDPR Is Failing. Fact is that we the Irish Data Protection Regulator, who is the principal enforcer of the GDPR, is oftentimes stumbling in applying the rule of law sparking outrage from its counterparts in the other member states. On the other hand, other data regulators are still maturing in interpreting and applying the GDPR and their staff’s lack of understanding of the core principles of data protection is unfortunately visible to data subjects and exploitable by the Big Tech firms armed with all infrastructure to delay or diminish the applicability of the law.
Derek A. Lackey, CIPM
No. With a few exceptions. Watch Quebec. Having recently passed Bill 64 amending the Act respecting the Protection of Personal Information in the Private Sector, (PPIPS), and providing the Commission d’accès à l’information (CAI) with strong enforcement powers, I believe we will see how citizens data can be protected with the right political will. By September 2023 almost all of this Act comes into force and I believe the CAI will shows us what real enforcement looks like. They have an Act that is even tougher than the GDPR in some ways (for example there is no “Legitimate Interest” in PPIPS. Just Consent or Contractual, with few exceptions. In the EU most business is done under the lawful basis of Legitimate Interest, but Quebec left that out.) and the powers to enforce. They also, by default, made the highest authority in the enterprise accountable for all personal information held by that enterprise. I believe they saw the fact that in the EU the C Suite is often not committed to privacy and data protection. Quebec’s “highest authority” clause, properly enforced, will change that quickly.
Most Governments are afraid of upsetting their source of funds – business people. Most have bought into this crazy idea that enforcing data protection will stifle innovation. That is insane. This is not a zero sum game. As change creates fertile ground for innovation, having to change data practices would likely cause even more innovation – not stifle it!
Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US
There is always leeway for improvement. For example, governments should provide regulators with sufficient resources (in particular, budget to hire qualified personnel) to allow for necessary education and effective enforcement. Adequate resources is something most privacy regulators lack to date.
Cristina Costache, CIPP/E, CIPM, CIPT, FIP
Which governments? We need to make a distinction. While some countries have taken enforcement of the GDPR to heart and fine governmental bodies for noncompliance and producing extremely extensive DPIA’s on usage of some cloud based services other countries just do nothing or as little as possible in the area of compliance with the GDPR by public bodies.
We teach our kids the value of leading by example. Unfortunately we look at government agencies being fined for noncompliance with the GDPR and we are seeing not compliance with basic principles like lack of sufficient security measures or failure to appoint a DPO.
So no, government are not doing enough when it comes to enforcement on public bodies. We tend to forget that the state agencies hold a massive amount of data on their citizens when we focus on the private sector.
Was There Always a Demand for Data Privacy Regulation?
There have always been people who’ve raised flags about about data privacy.
For example, in the 1990s, privacy advocates voiced their concerns about Lotus Marketplace, a database program developed jointly by Lotus Development Corporation (the software developer) and Equifax (the information provider). The program was supposed to contain private information about 120 million people and 80 million households in the United States. Over 30,000 people contacted Lotus to opt out of the database, and there were massive protests and lawsuit threats, citing invasion of privacy.
But governments — and citizens — face new and more complex challenges in today’s world. With modern technology, there are no longer just a few companies in a few industries collecting and handling data; it’s every company in every industry.
While governments of the past did have to deal with privacy concerns in specific areas, their current task is much more complex. Because of our world’s interconnectivity, citizens expect them to create solutions that regulate nearly every company in every part of the world.
While sometimes lost in the fray with the focus on private businesses, governments must also hold themselves and other state actors accountable for how they handle data.
We asked the experts:
How was the world different before data privacy regulation?
Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US
Before comprehensive data protection regulations came into force, states and their representatives (governmental agencies and public institutions) had a supremacy regarding how personal data of citizens are processed and this was often an arbitrary act. With the uprise of international coherent privacy standards, data subjects now gained some of their power of disposition back.
Petruta Pirvan, CIPM, CIPP/E, CIPP/US
The world would be a much darker place without data protection laws. The right to data privacy functions as an overarching protection for the other fundamental rights. Being raised under a communist regime myself I saw and experienced people’s fear to express themselves, thinking that their own political options or religious believes or philosophical views will put themselves that their family into great danger of persecution by the government. Therefore, picking up on my idea, we enjoy freedom of expression, freedom of opinion, freedom of religion, the right to be treated equally independent of our ethnicity, etc. because of our right to privacy.
Derek A. Lackey, CIPM
Sometimes ignorance is bliss. Most people were not aware of the power of computers and the internet. But the reality was, the consumer was powerless regarding the use of their personal information. The Great Privacy Awakening gives them back their power, or at least provides some options for them. It is almost impossible to have a zero digital footprint in 2022. Data regulation is a question of WHEN, not IF.
Cristina Costache, CIPP/E, CIPM, CIPT, FIP
The pace with which privacy legislation was enacted was much, much slower as well as an enforcement activity at a lower level.
From the perspective of my company for example: we operate in 60+ countries. In the was year 12 of these countries have enacted new privacy legislation or strengthened the existing one and 28 other countries have privacy legislation or amendments in draft stage now that we expect to be enacted in the next 12 to 24 months.
Also, we can look at the enforcement activity: pre GDPR we have not seen fines over 100 million euro at European level except in the context of antitrust. Now it seems that 50+ million euro fines are something ordinary and we don’t hold our breath when we see this kind of news. What is new is the inditement for privacy legislation breach. Hong Kong and Philippines are the first to enforce such provisions and we expect more to follow.
The Growing Demand For Data Transparency
What is data transparency?
The term sounds pretty self-explanatory, but first let’s look at an official data transparency definition from PCMag:
Data transparency is both “the ability to easily access and work with data no matter where they are located or what application created them” and “the assurance that data being reported are accurate and are coming from the official source.”
Their definition may be hard to understand for “non-techy” people, so let’s simplify it.
Basically, data transparency is the notion that businesses — and other entities that handle it — should treat user data with the utmost integrity. Their data handling should be lawful, fair, traceable, and accountable.
Additionally, data subjects should be made aware of the data being collected from them, how and why it’s collected, who has access to it, how it’s used, and how they can access it — and delete or alter it.
So, why is data transparency important?
The rising demand for data transparency comes from citizens and, in turn, governments. Citizens — or consumers — are more aware of how much of their personal information is being collected, shared, and sold. They are increasingly discovering that businesses are not always benevolent with how and why they collect user information.
Awareness has led to demand for more action by governments to protect data and hold businesses accountable.
To their credit, states have begun to act rapidly. The EU got the ball rolling with its GDPR, which led more countries — and US states — to draft legislation to protect their own citizens.
But government action is not the only expectation consumers have. They are beginning to hold businesses themselves to higher standards. Consumers are starting to avoid companies that aren’t transparent about their data practices.
To drive this point home, here are some alarming data privacy statistics regarding consumer attitudes toward businesses and data:
- 62% of Americans don’t believe it’s possible to go through daily life without companies collecting data about them. (Pew Research Center)
- 63% of Internet users believe most companies aren’t transparent about how their data is used, and 48% have stopped shopping with a company because of privacy concerns. (Tableau)
- 33% of users have terminated relationships with companies over data. They left social media companies, ISPs, retailers, credit card providers, and banks or financial institutions. (Cisco)
- A University of Maryland study quantified the near-constant rate of hacker attacks on computers with Internet access – and it is every 39 seconds. (University of Maryland)
- More than 120 countries have already addressed international data protection laws in some form to provide better protection for their citizens and their data. (Thales)
How Your Business Can Build Trust With Consumers
As consumer demand for transparency grows, businesses must begin to evolve or be left behind. There is no going back to the days of rampant vacuuming of user data with little to no accountability.
Citizens and governments are doing their part by becoming more aware, speaking with their wallets, and implementing regulations. The onus is now on the businesses themselves to foster a new trend of responsible data practices.
So how can a business do just that?
There are several things companies can do to respect and protect user data and ensure their consumers that they are doing so. A good starting point is to abide by the seven privacy-by-design principles laid out by the GDPR.
- Principle #1: Be proactive, not reactive, in privacy matters
- Principle #2: Privacy comes first in everything you do
- Principle #3: Embed privacy into your design, development, and implementation from the beginning
- Principle #4: Privacy is positive-sum, not zero-sum
- Principle #5: End-to-end security measure for data
- Principle #6: Be visible and transparent
- Principle #7: Focus on and respect your users
In addition to the seven principles above, your business should acknowledge that users fully own their data. Your consumers should have full knowledge of, access to, and complete control of anything you collect from them.
Significant shifts in culture and standard business practices can be tough to navigate, and you may wonder why even bother. Aside from the growing legal requirements, businesses have another obvious incentive to go above and beyond: their reputation.
Trustworthiness as a Competitive Differentiator
While data privacy laws like the GDPR are having a significant impact on companies’ data practices, there is another factor coming into play: competition.
Trustworthiness has always played a role in consumer decisions, and data privacy is no different. Businesses not implementing the practices we discussed above and being fully transparent with their users will lose customers to those who are.
Just as the internet has tremendously impacted businesses’ growth, it can have the same impact on their downfall. News travels fast today, and your company has few places to hide if the internet hivemind decides it’s not up to par regarding data privacy practices.
As a result, more are companies prioritizing users and implementing appropriate data practices. They are minimizing the amount of individual information they need to retain, being transparent about all data collection and usage, keeping things secure, and giving users full access and control of their data.
So ask yourself: If your business is not doing the same, why would your customers choose you over a competitor who is?
The future of a market where digital data – its collection, analysis, and application – increasingly drives business models lies in consumer trust.
In fact, 37% of users say that companies that are data transparent and proactive in enforcing data privacy reduce their concerns.
As a result, companies are beginning to see trustworthiness as a competitive differentiator and a way to maximize return on investment.
We asked the experts:
What is one tip you would give a business looking to build trust with consumers regarding data privacy?
Jeff Jockisch, CIPP/US
Consumers value privacy. It’s a better model for your business and a competive advantage. Businesses that claim otherwise generally have no significant competition.
Build client trust and focus on collecting limited first party data. This is the less risky path and requires less engineering.
Cristina Costache, CIPP/E, CIPM, CIPT, FIP
Know where your data is. This is the first step in building a privacy program aimed to gain trust with your consumers by being transparent, responsible and accountable.
Think of the legal obligation food manufactures have to list the ingredients and other relevant information on their products. A food manufacturer should know what is in their products, correct? We should have the same approach when it comes to knowing what data we have and where and informing our customers what we do with their data. They have the right to have this information provided to them and to make an informed decision when choosing to share their data with a specific company.
Petruta Pirvan, CIPM, CIPP/E, CIPP/US
Put ethics in interpreting and applying the law at the core of their business. Otherwise, they will keep on ticking boxes at the detriment of the consumer who is smart, knows his/her rights and will always search for alternatives to escape what it feels like a fooling game.
Dr. Frank Schemmel, CIPM, CIPP/E, CIPP/US
A consumer centric approach where the consumer’s interest is the core of any service or product development with choice and transparency as the most powerful means to gain trust.
Derek A. Lackey, CIPM
Do the right thing. Treat people with respect.
How Termly Can Help
Our mission at Termly is to provide businesses with the tools they need to comply with data privacy laws. But our core belief is that you should respect user data because it’s the right thing to do, not just because it’s a legal requirement.
For Businesses
At Termly, we offer a complete compliance solution for your business, from consent management to legal policy generators.
You can use Termly to:
- Get proper consent for data collection
- Generate a privacy policy
- Additionally, you can generate various other policies, such as Terms and Conditions, Disclaimers, Cookie Policies, EULAs, and more.
- And much more!
- Try Termly for free!
For Agency Partners
Termly provides agencies with a streamlined compliance solution they can offer their clients as a unique selling point.
Our partnership program includes everything listed above with added wholesale pricing and volume discounts, multi-domain (including sub-domains) and multi-user support, direct customer support, and more!
We work with many agencies in various industries and can cater to any of your compliance needs.
Our Resources
In addition to our compliance software, we offer a wide variety of resources for all visitors, not just our customers. Our resources page includes various legal policy templates, educational articles, how-to guides, a legal dictionary, and more!
David Reynier, CEO @ Termly
We want to provide tools and resources for privacy compliance and to encourage businesses to cultivate a culture of respect for users privacy.
Takeaway
In an era of growing awareness and demand for privacy rights, you can no longer afford to view data privacy as an afterthought. It is steadily becoming a pillar of doing business in the modern era.
Companies that choose to ignore consumer demand for more transparency and accountability will be replaced by those that don’t. The internet has revolutionized how customers and businesses interact and put a lot more power in the hands of consumers. With so many companies to choose from, users rarely have reason to stick to those who dismiss their concerns.
More about the author
Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP
Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author
