The business world has reached a turning point in data privacy: it’s no longer optional. More data privacy laws are being proposed around the world, and customers and business partners want to know about your privacy practices before they’ll do business with you.

As data privacy continues to occupy the international spotlight, some businesses are finding it difficult to separate fact from fiction. Is an updated privacy policy all you really need? Can a technology tool really make you compliant? Can a survey tell you all you need to know about how your organization handles personal data? We’ve identified the biggest myths about data privacy.

Here are three of the most common data privacy myths:

“Data privacy is a passing trend.”

Some companies are treating GDPR and the California Consumer Privacy Act (CCPA) as a finish line, when actually they’re just the beginning. Legislatures around the world, including the United States Congress, have passed or are in the process of passing new or expanded data privacy laws, as are several U.S. states and even municipalities such as San Francisco.

In addition to the legislative angle, both consumers and businesses are increasingly concerned about the data practices of companies they do business with.

“We bought this tool that promises to make us compliant, so we’re good.”

Complying with data privacy legislation is a complex, multi-faceted process. While technology tools can simplify and automate certain tasks, there is no substitute for human effort in addressing the foundational elements of a compliance plan — like understanding how and why you are processing personal data and what data you are disclosing to your business partners.

“Once we achieve compliance, we’re all done.”

After executing a comprehensive compliance plan, businesses may be tempted to relax, feeling that they have finished the hard part of the work. However, the world of data privacy is always changing, and it’s important to watch for “triggers” that can affect your compliance status. These include external triggers — such as new regulations, judicial clarifications of existing laws, and technology innovation — as well as internal triggers such as business changes, new vendors or partners, and mergers/acquisitions.

While the global picture of data privacy is still taking shape, we can all be certain of one thing: there’s no going back to “business as usual” in terms of how companies handle personal information.

Like what you see?

Paul Lee

Executive Team member Kevin Moos is recognized for his experience with knowledge management systems. He has lent his expertise to several prestigious industry panels on enterprise content management and other topics.