Proliferating data privacy regulations will increase compliance costs for companies, as well as litigation and fines when breaches occur.
According to Fitch the rising number of data breach incidents in recent years has greatly escalated concerns and costs around data privacy issues in a rapidly evolving regulatory environment.
The EU’s General Data Privacy Regulation (GDPR) was the first comprehensive overhaul of data protection rules that identifies issues on data privacy and protection. Multiple jurisdictions, including Brazil, China and Japan, are setting up similar legislations on data protection regulations in light of rising public awareness of data privacy.
The penalty of complexity
The cross-border nature of data flows has added complexities to the enforcement of data protection regulations, including the way data are transferred and stored, which has increased the calls for regulation harmonisation. GDPR has set up a process allowing data flows from the EU to certain third countries without additional safeguards.
There has been limited credit impact from regulations due to a lack of resources and budget for law enforcement, and ambiguous regulatory framework and delays from Covid-19.
Fitch expects the fines for violating data privacy laws to increase after the pandemic, as regulations begin to fall in place and enforcement strengthens.
All sectors are exposed to data breach risks. Increasing incidence of cyberattacks poses higher risks for companies not complying with GDPR and similar data regulations given stricter rules on notice periods and cyber defence.
Cyber insurance is an important way to mitigate the rising costs from data breach incidents, especially for sectors with higher exposure, such as technology, healthcare and financial services.
Higher regulatory oversight and demands will drive a fundamental transformation about how businesses understand and manage data privacy risks.
Fitch also expects to see increasing operational and capital expenditures within businesses to comply with data regulations and to re-evaluate the role of data in their long-term business strategy.