After the organization is compliant, the next challenge is how to stay vigilant amidst new technologies and a constantly changing legal environment. New technologies that promise opportunities may need to be assessed if their adoption by the organization will have privacy implications. This is true for new business processes and innovative ways of performing tasks or implementing projects, and growing business opportunities such as big data and artificial intelligence. Apart from these, the organization has to grapple with evolving technologies such as cloud computing, the Internet-of-Things, and new social media platforms.
As technology moves forward, we anticipate that regulators, both local and foreign, will need to introduce new legal standards and requirements. These combined changes will require the organization to be well-informed and up-to-date of these legal, technological and regulatory changes. There will also be a constant need for internal capacity-building to oversee the compliance efforts within the organization. Independent data privacy risk or impact assessments may be required to audit existing processes as new ones are identified. New employees will need training in data privacy basics, while existing employees need to be oriented to the changes introduced in the course of the organization’s data privacy compliance. Finally, the data privacy officer and his support staff will require not only updates, but continuous education to further improve and meet, the organization’s data privacy goals.