The EU General Data Protection Regulation (GDPR), enacted mid-2018 by the European Union, has dramatically reshaped the way data is handled across every sector, and not just in the EU. The regulation, which gives all EU citizens greater control over their personal data and how it is used, is seen by U.S. states and other regions as a template for implementing similar laws.
The U.S. Health Insurance Portability and Accountability Act (HIPAA), designed to safeguard patient data, actually predates the GDPR by more than 20 years. The California Consumer Privacy Act (CCPA) also came into force in 2018; since then, a host of states, including New York, Massachusetts, Maryland, and Virginia, have moved to tighten data protection rules.
Enterprise Ireland client company PrivacyEngine has worked in the space for 10 years and encapsulated everything needed for the diversity of data privacy management needs in a single software-as-a-service (SaaS) platform. The technology enables organizations of any size to manage all aspects of data protection including privacy compliance, stakeholder training, and vendor management. PrivacyEngine is the leading data privacy solution and services provider for organizations in a wide range of industries, including retail, hospitality, not-for-profit, medical, financial, government, and more.
With personal data privacy now a top global concern, we interviewed the Founder and CEO of PrivacyEngine, John Ghent, to explore his thoughts on data management, technology, and regulatory compliance concerns.
How has this industry changed, and how do you predict it will continue to evolve?
The increase of AI and machine learning and the emergence of IoT technology have meant that personal data is now everywhere. As a direct consequence, governments around the world are legislating to protect their citizens’ data. It’s predicted that 65 percent of the worldwide population will be under a GDPR-like regulation by the end of 2023. Already, more legislation was passed into law in 2018 than in the previous century combined. This has resulted in a massive increase in the need for privacy teams globally, and this trend is only going to grow. Our data privacy platform is designed to help these teams do their jobs by enabling them to manage complex data privacy programs and demonstrate compliance with privacy regulations in a rapidly changing environment.
Tell us about the data privacy space and what’s your solution approach?
The proliferation of personal data in systems such as human resource management, marketing and sales automation, gaming and information apps, and digital medical records means the threat of data misuse is continuously expanding. Data privacy legislation and best practices strive to combat this trend, providing protection for individuals’ private data and offering organizations definitive guidance concerning their data processing and security responsibilities.
Given the breadth of data processing in organizations today, finding the balance between suitable data privacy control and extracting business value from data can be challenging. The PrivacyEngine approach offers practical solutions for delivering data privacy compliance in a single software-as-a-service (SaaS) platform that enables organizations of all sizes to demonstrate compliance, save time, reduce costs and gain a competitive advantage from their data.
How are the European and U.S. data privacy markets different?
In May of 2018, the European Union brought in GDPR legislation to protect the fundamental rights and freedoms of individuals and their personal data within the EU. Additionally, the EU Commission has taken steps to ensure that legislation keeps up with the changing times.
It is fair to say that the EU is ahead of the U.S. from a legislative point of view; however, the U.S. is likely to catch up rapidly. Several U.S. states have already implemented privacy legislation. This month, Virginia passed a new data privacy bill, which follows in the footsteps of California’s comprehensive CCPA privacy bill. Other states in the U.S. are under pressure to follow suit. California has already announced that in 2023, its existing data privacy legislation, CCPA, will be updated to the California Privacy Rights Act (CPRA).
While historically there were cultural differences in how U.S. and EU organizations viewed and processed personal data, there is a convergence happening with more authorities moving closer to adopting standards like GDPR. As such, personal data has come to be viewed as a personal asset, and companies and organizations as having a duty of care to protect the data they hold and process.
How does PrivacyEngine help organizations manage all this data as well as the evolving legislation?
With our data privacy compliance platform, expert data-protection consultants, and real-world implementation experience, PrivacyEngine simplifies and accelerates the delivery of sustainable data privacy compliance programs for regulations such as GDPR, CCPA, and HIPAA.
There are three main aspects to our platform: Privacy Management, Training & Assessment, and Vendor Management.
The Privacy Management layer takes care of all regulatory aspects of privacy management, such as managing individuals’ rights, reporting data breaches and incidents, and tracking how an organization processes, stores, and secures personal data.
In our experience, employees and contractors are the most common cause of data and security breaches across all types of organizations, from the largest corporations to small and medium enterprises, government agencies, and NGOs. With Stakeholder Training, Awareness & Assessment, PrivacyEngine incorporates a comprehensive learning management system with hundreds of hours of regularly updated, on-demand content for all data-protection training needs, from employee awareness to professional training and certification for data protection leadership. We also include assessment and questionnaire functionality for carrying out data protection impact and employee assessments as needed.
And because vendors are the second-highest cause of data and security breaches, we developed our Vendor Management capabilities, which include end-to-end vendor evaluation and risk assessment for onboarding new vendors and reviewing existing vendors.
Do you currently work in the U.S. market?
PrivacyEngine has developed close relationships with hundreds of customers worldwide, including many in the U.S. In fact, some of our largest customers are based in the U.S.; these range from top media companies and tech companies to medical companies. Our U.S. customers are looking for a best-in-class solution from a company that really understands how privacy programs operate.
We recently partnered with the U.S.-based company Inspire! to offer outsourced Data Privacy Officer (DPO) services to U.S.-based organizations. The new DPO as a Service (DPOaaS) offering combines authoritative advice from the Inspire! team of privacy experts with the PrivacyEngine practical data privacy management platform.
We have extended our working hours in our Dublin office to meet the requirements of the different time zones. In the future, we have the ambition of opening an office in the U.S. to expand on our growing international footprint. We look forward to helping more U.S. companies as we continue our journey into the U.S. market.
What makes PrivacyEngine an ideal partner for U.S. businesses?
As we were founded as Sytorus in 2013, PrivacyEngine is well known as a leading data privacy solutions provider in Ireland, the UK, and the rest of Europe – where organizations operate under some of the most stringent data protection and privacy laws anywhere in the world. With this background, we have gained unrivaled experience and expert knowledge in implementing gold-standard data privacy programs for hundreds of organizations.
Additionally, we already work with a number of U.S. companies. We have successfully adapted our solutions to the U.S. regulatory landscape, and our experience is augmented by partnering with U.S. organizations such as:
- Inspire!: deep expertise in the U.S. privacy environment,
- MediaPro: a globally recognized security and privacy training solutions provider, and
- Ninjio: cybersecurity awareness training solution provider.
What’s next for PrivacyEngine?
As data privacy requirements advance, our platform continues to evolve to meet our global customers’ changing needs in all the various industries and organization types.
In light of the pandemic, as we have seen a massive increase in remote training and e-Learning, we have enhanced our Learning Management System and training content to meet the high demand.
And later this year, we will introduce a new capability called PrivacyEngine RISE. This real-time intelligent search engine continuously identifies data protection events through publicly available information and relates events directly to our customers’ privacy programs through PrivacyEngine. We’ll release more details about PrivacyEngine RISE soon.