chevron-down Created with Sketch Beta.

ARTICLE

Consumers and Data Compliance Officers Navigating Privacy Compliance Management in an Evolving Landscape

Michélle Jacqueline Du Plessis

Consumers and Data Compliance Officers Navigating Privacy Compliance Management in an Evolving Landscape
Photo by Pierre Borthiry - Peiobty on Unsplash

In the wake of Covid-19, precautionary health measures and work-from-home proliferated, necessitating more online streaming and data sharing. But how does this affect the consumer? What are the obligations of the Data Compliance Officer? How should privacy be managed through compliance in an ever-evolving landscape? Who is the owner of the gathered data?

Several different privacy laws regulate privacy compliance globally. The General Data Protection Regulation (“GDPR”) has a global reach and many companies are not fully aware of their obligations with regards to data subjects under the European Union (“EU”) regulations. This applies not only to EU domiciled companies, but also to any company that interacts, transacts, or communicates with a data subject domiciled within the GDPR landscape. Not only is the GDPR very stringent, but individual countries interpret it differently, causing more chaos and confusion and sleepless nights for Data Compliance Officers. Strict compliance is necessary to avoid exorbitant penalties for data breaches.

In the State of California, data subjects have specific rights relating to their data, but who must comply? The necessity of a Data Compliance Officer became more and more apparent.

Uncertainty regarding an approach to global data subjects is a constant reminder for any business owner of what they may, must, and should or should not do with data obtained either through the normal scope of day-to-day business or specific requests made for the collection of data. Given the fact that Digital Nomads are on the rise, despite COVID-19, compliance became more intricate. A Digital Nomad can live in California today and in Germany next week. The landscape becomes darker by the day. How does a Data Compliance Officer navigate through this scary dark data jungle?

Currently, worldwide entrepreneurs are fighting for the share of wallet to provide a solution to this growing monster. Companies such as ActiveProspect provide solutions for real-time lead generation. But first, consent by the data subject remains a requirement. This still does not pave the path through the jungle, but merely sheds some light in the dark.

With the Blockchain era and more and more Distributed Ledger Technology solutions surfacing every day, the nightmare in the jungle became worse. The Blockchain, which is immutable, is in direct contrast to privacy laws and regulations, which provide a remedy to a data subject to have its data completely removed from a server or stored elsewhere. How does one navigate now? How do you delete the immutable? The Data Compliance Officer’s worst nightmares just became real.

On the forefront of the Blockchain, stands Liechtenstein, a small Principality. Although not a member of the EU, bordered between Switzerland, Austria, and Germany, Liechtenstein is a member of the European Economic Area (“EEA”) and has been a member of the United Nations since 1990. This small principality embraces technology and financial management.

On January 1, 2020, Liechtenstein’s Token and Trusted Technology Service Provider Act (“TVTG”) came into force and effect as the first national sovereign blockchain law ever. This Act is commonly known as the “Liechtenstein Blockchain Act” and provides a whole new world and landscape to forward-thinking entrepreneurs, but also has an impact on the data subjects and global legal practitioners advising clients.

However, one company, FUTURAE Management Solutions GmbH, a Swiss LLC, believes the answer to the data jungle lies rooted within this very TVTG Act. FUTURAE has developed a Proof of Concept with MyDATA. The essence of this solution is based on the data subject who always, through the application of the Liechtenstein TVTG Act, blockchain, distributed technology and tokenization, remains the owner of its data. It also provides the solution to companies requiring specific data, to drive for instance, marketing campaigns or to do research, without the nightmare and burden to the Data Compliance Officer.

The MyDATA Solution, through blockchain technology, now navigates the pathway through data subject’s data compliance by shifting the focus to ownership of data through a real-time blockchain solution governed by Liechtenstein. The more the landscape will evolve, the greater the need will be to have it governed through the application of technology, providing incentives such as monetization and hot-off-the-press real-time data from the horse’s mouth.

The evolving landscape no longer needs to be a big dark maze in a scary jungle. The answer lies within a $275 billion market, with a projected steady compound annual growth rate of 10%, reaching $450 billion by 2026. With a paradigm shift towards the data subject and its role and responsibility, data compliance will be a piece of cake.

This article was prepared by the Business Law Section's Consumer Financial Services Committee.

    Authors