The importance of a Global Privacy Program

With digital reality and economy being subject to constant and rapid changes, privacy, security, and sustainability become paramount for a company’s competitive positioning on a global scale.

Since 2018, regulatory heavyweights like the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) have helped draw attention to the importance of data protection – but that is not the only justification for implementing a global privacy program. (Source: Charles Russell Speechlys LLP)

 

Since the first lockdown rolled across the world forced the global economy to shift towards further digitalization. E-commerce became an alternative for many organizations. Logistics and the supply of goods and services to homes have become more strategically important, but more personal information has been entering the digital economy. Such personal information includes names and surname, billing addresses, and ‘last mile’ location data and payment information.  Organizations have turned to their privacy and security professionals to assist in navigating these waters successfully.

 

This blog article introduces the benefits of establishing a global privacy program for international organizations and why organizations should not just consider privacy and data protection as just another regulatory obligation.  It is an opportunity to become a sustainable player in the digital environment.

 

Three key features of a solid Global Privacy Program

Vision and Strategy

It is rather difficult to change an organization’s way of thinking about privacy without the support of all stakeholders that make up an organization (HR, IT, InfoSec, Engineering, Sales, Marketing, Legal).  A clear privacy vision statement and global privacy principles build a strong foundation for organizations of the future.  Traditionally, privacy was considered a mere compliance requirement as there is indeed a need to comply with the law. The latter is a key driver of privacy, yet that is not enough for a successful global privacy program.  In today’s world, privacy plays a big part in the governance, risk, and strategic thinking in global organizations.

 

The Privacy Team

A Privacy program is a framework based on the organizational values and best practices of a company. It requires close collaboration with multiple stakeholders to ensure a balanced approach that meets both business needs and respects individuals’ rights to privacy and dignity. It should address every essential part of the organization. For this, an organization needs a myriad of privacy-aware individuals who challenge and change staff mindsets.  Such individuals should not only be lawyers and compliance specialists but also professionals and experts in their own fields. Additionally, the privacy legal and compliance professionals should leave their comfort zones of risk-based compliance and speak and collaborate with their colleagues to better understand how to translate privacy into tangible deliverables and streamline these throughout the organization.

Structure – thinking global does not mean hurting the local

Organizations should not forget to ask the question of where it is operating and what its structure is.  Is it centralized, federated, or a hybrid organization? This is important because organizations operating globally must be aware that the GDPR is not the only data protection regulation around.  Many countries or regions have established local data protection or privacy laws, and a global privacy program must be sufficiently dynamic to accommodate such local laws.  We can soon expect comprehensive privacy laws in India, South Africa, Thailand, and other parts of the world.

A map of the world presenting PayU's offerings as follows

Many of these laws are inspired or take homage to the GDPR, but there are distinctions, and a global privacy program should not be enforcing only one regulation.  If an entity has a holistic approach to privacy and the program is structured to accommodate more than one law, creating a local variation will be less onerous and resource-heavy for the organization—  Simply put, it is much easier to build, adopt and utilize the foundations set by a global privacy program than to establish a new privacy program for each country and in the long run, this also allows the organization’s customers to have a better understanding of the company’s global approach to privacy.

 

A global privacy program should also include operations in countries that do not yet have a comprehensive data protection law in place.  There are three reasons for this: (i) instilling and keeping the much-needed trust of individuals; (ii) ensuring readiness for new legislation and regulations, and (iii) economic progress and geographical expansion of the organization without impediments when sharing personal information with countries that do not have data protection laws.

 

 

The value of a global privacy program to PayU

People are becoming more and more aware of their privacy, so organizations must keep up. The trust of customers is central to a global privacy program. Customers are not the only ones who look for a trustworthy company.

 

PayU recognizes that its merchants or potential clients are also aware of new regulations and the importance of trust in the data economy. The trust of the market from both merchants’ and end-users perspectives is an essential factor in the business governance of the digital world.

 

Digital reality has changed, and so has the economy. Privacy, security, and sustainability will continue to determine a company’s competitive position in the global market.  A global privacy program is part of it, contributing to an organization’s approach to digital ethics and responsible technology.

1