top of page
Writer's pictureGemma Walton

What Will Change In Data Protection For Business In 2023?

Updated: Apr 25

In 2023, there will be an increase in global legislation on data privacy, development of US privacy regulations, increased investments in privacy technologies, trends towards a Cookieless future, and other developments. But what will change in Data Protection for business in 2023?


As new privacy regulations are continually evolving, companies will invest more in privacy technologies to gain users trust and avoid penalties. Data subjects under the Privacy Rule are becoming more conscious about their rights and wanting to safeguard their personal information. It is no surprise to see countries around the world adopt data privacy regulations, which outline the rights consumers and employees have to personal data usage by businesses, impose penalties for breaches of personal data, and require businesses to keep data only as long as necessary.

What Will Change In Data Protection For Business In 2023

To guard against the risks of identity theft and other cybercrime, governments across the globe, as well as in the United States, have passed laws protecting personal data. These efforts started as a trickle, responding to an early threat from cybercrime and identity theft, but now they have grown into a torrent of requirements, which vary from Europe to South America to California to New York.


This legislation expands the reach of consumer privacy and provides better protections for people against data breaches to their personal information. In America their new bill substantially strengthens the existing data security laws, expanding what types of personal data companies must inform consumers about if they are exposed to a breach, and requires companies to establish, implement, and maintain reasonable protections to safeguard the privacy, security, and integrity of personal information.


The act contains some similarities with provisions in the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. In some aspects the new bill is very similar to the General Data Protection Regulation (GDPR) and other privacy legislation around the world.


The CDPA provides certain rights similar to those of GDPR, as well as requirements on data protection and contractual provisions. In addition to creating rights schemes after individual rights in the GDPR, the CDPA requires provider data security and contract provisions, as well as assessments of high-risk treatment. CDPA similarly creates rights patterned after those of GDPR, requiring data minimisation, security, and assessments for high-risk processing.


New assessments for data privacy and security are required for high-risk processing, and these mandate assessments for a providers privacy/security compliance (including removing data or returning it upon termination of a contract). Data processors must review their standard agreements with data processors and contractors and modify as necessary to ensure that they are compliant with the requirements of the new Privacy Rule.


To meet these requirements, companies should consider building upon existing data subjects request for access policies to incorporate such an appeals process and should make sure their communications with consumers explicitly and conspicuously communicate consumers rights to an appeal. Any new Privacy Rule should require (1) that companies set up an internal process for consumers to appeal any refusal to provide collected data; (2) that the appellate process is clearly accessible and user-friendly; and (3) that the appellate process has fixed time periods in which a company must respond.


This gives consumers rights to their data, and requires companies covered by the laws to follow rules about what data they collect, how it is treated and protected, and who is sharing it. Companies should help consumers exercise their data rights by getting opt-in consent before processing their sensitive data, disclosing when their data will be sold, and giving them an opportunity to opt-out.

In 2023 What Will Change In Data Protection For Business

In America, The California Consumer Privacy Rights Act (CPRA) will coming into effect on July 1, 2023, and will apply to employees, in addition to other consumers, for the first time. The CPRA also creates the California Privacy Protection Agency, expands personal and opt-out rights, limits the retention of personal data to only what is necessary, and includes protections for personal data about employees and contacts with businesses. Under the CPRA, businesses would have increased domestic obligations related to personal information, including record-specific preservation requirements and cybersecurity/privacy risk assessments.


Of note are California’s new privacy rights law and Virginia’s consumer data protection law, both effective in January. Five states - California, Colorado, Connecticut, Utah, and Virginia--will have new or updated data privacy laws by 2023, with a few others considering laws of their own.


Now that a number of U.S. states have passed data protection or privacy laws there is likely to be some pressure on regulators and officials to prove these new laws actually have teeth. Other large markets such as India, Germany, China, and Japan have already passed laws protecting consumers data and privacy, and we should expect more changes in these regions to gain momentum in the coming year.


Based on these trends, it is clear that privacy is evolving beyond regulatory compliance to a new age of integrated data governance and trusted data usage. Privacy governance will merge with data governance, whether it is for regulatory compliance or for cybersecurity resilience and incident response.



Useful Links:



Are you looking to upskill members of your team in data protection and the current laws so they have a better understanding of GDPR to keep your business on track and free of complaints around this?


Or are you someone looking to futureproof your career or make a career change to earn more money?


I can help!!


I work with a company that offer BCS Accredited Online Courses that you or your employees can do at their own speed in their own time.



Check out the:



You can sign up for a preview or immediate access!! Don't delay get started on your data protection upskilling today.



If you’re looking for help or support for a marketing project to help your business grow by improving your online presence, please check out the Digital Marketing Services I Provide.


Not sure or want to have a chat about this in more detail then please Contact Me directly.


Are you looking to upskill and learn more about AI, Business Analysis, Data Protection? Check out these Online Courses now.


You can also check out my podcast "Like Click Share" for digital and marketing tips and advice or head to the channel page on You Tube.

Are you a small business looking for support to develop your Privacy Policy or Ts & Cs? Or are you a Start Up looking for legal help?


Click the links below to access easy to use legal templates and use code GWM33 at the checkout to save 33%.




Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page