The resilience of organizations has been put to the test during this past year. A global pandemic and political upheaval have led to an increased risk of regulatory penalties, reputational harm and erosion of customer trust. Looking forward, what can we expect in 2021?
Here are five trends that will drive digital transformation as businesses adjust to post-pandemic and post-election realities and strive to emerge stronger in the year ahead.
Data privacy reform is accelerating
According to Gartner, 65% of the world’s population will have its personal data covered under modern privacy regulations by 2023. Recent developments in some of the world’s most populous countries make this seem achievable. The Brazilian General Data Protection Law (LGPD) recently went into effect and I expect similar omnibus privacy laws to be enacted in China and India this year.
In North America, Canada is considering the replacement of the Personal Information Protection and Electronic Documents Act (PIPEDA) with a more comprehensive and enforcement-focused law. And during the November US presidential election, Californians approved a ballot initiative (the California Privacy Rights Act or CPRA) that expands on the existing consumer privacy protections provided by the California Consumer Privacy Act (CCPA). With the Biden-Harris Administration committed to protecting consumer rights, it is almost a certainty that Congress will pass comprehensive federal data privacy legislation in the very near future.
Expect more companies to aggressively operationalize their data privacy programs to the most stringent standard in anticipation of new laws using data discovery tools, automation, workflow and governance capabilities to meet these obligations. Further investment will be directed at technology that ensures a privacy-by-design approach is in place with end-to-end security measures.
Remote work causing security and governance headaches
The pandemic forced a transition to remote work, leaving many businesses unprepared for the accompanying increase in cyber security risks. In 2021, compliance and security professionals will work together to prevent, respond to and bounce back from cyber attacks and disruptions. To do this, they will use advanced cyber solutions that incorporate continuous threat monitoring, file analytics, endpoint protection and remote investigations capabilities.
To address limited visibility, these leaders will use advanced analytics to identify the type and location of information, measure risk associated with data handling activities and shed light on employee conduct. And to deal with the rise of shadow IT, they will also champion the use of software that applies policy, security and privacy protocols behind the scenes to mitigate improper data handling practices without impacting productivity.
Surge in investigations and enforcement actions
COVID-19 set off a wave of fraudulent activity. Under the Biden-Harris Administration, I expect to see a significant uptick in enforcement actions and investigations of fraud, false claims and other corruption. Significant oversight and enforcement activity will focus on the CARES Act and other pandemic claims. Reports of misconduct will rise as a speak-up culture continues to emerge and provide awards for whistleblowers. Anticipate the greatest impact in the EU where, by the end of 2021, the laws of all member states will need to satisfy new reporting requirements and protections to comply with the EU Whistleblower Directive.
Heightened scrutiny by regulators will drive compliance leaders to lean on technology to proactively manage risk and improve reporting. Organizations will invest in analytics that support investigations, gain deeper insight into employee behavior and expedite the review of data to meet time-sensitive production demands.
Growing scrutiny of third-party relationships
Supply chains have become complex, with the pandemic exposing a lack of visibility into these relationships. Organizations are forced to rely on new suppliers and address labor shortages while maintaining due diligence activities to guard against third-party liability. In June 2020, the US Department of Justice Criminal Division updated its guidance on the Evaluation of Corporate Compliance Programs, emphasizing the application of risk-based due diligence throughout the entire lifetime of a third-party relationship to detect misconduct.
In 2021, risk management leaders will pursue tools that expand visibility into supplier onboarding practices and conduct throughout the relationship lifecycle. With productivity demands requiring third-party access to one’s IT environment, establishing greater security controls to mitigate the risk of inappropriate third-party privileges will be vital to avoid data breaches associated with role changes, departures or other circumstances where access should be denied.
ESG driving risk and compliance measures
Pressured by boards and consumer activism, organizations are beginning to prioritize environmental, social and governance (ESG) risk management — especially supply chain networks. In addition to evaluating supplier ESG performance criteria, there has been a rapid rise in regulations relating to product compliance — how products are sourced and manufactured. In Europe, for example, new regulations to be enforced in 2021 include the EU Market Surveillance Regulation and the EU Conflict Minerals Regulation, which will put greater pressure on businesses to invest in ongoing diligence activities to achieve compliance.
In the year ahead, expect more investment in solutions that provide greater transparency into the operations of supplier practices. Advanced analytics and AI will play a pivotal role, helping companies manage social and ethical performance, root out human rights violations, assess risk and support compliance across trading partners.
Learn more
OpenText solutions help organizations to mitigate regulatory and reputational risk, embed compliance into business processes and meet corporate governance needs. Learn how we can help you rethink your approach to data privacy compliance, information governance and supply chain risk management, and more.