Evolving Data Privacy Trends and Challenges in 2023

As there is a significant growth in the industry trends towards adapting to various new technologies and models, organizations are adapting to various technologies accompanied by security threats in this new threat landscape. Increasing security vulnerabilities and data breaches has become one of the hot topics for discussion across the board due to the proven impact to business and reputation loss. Based on the incidents related to cyber-crime and data breaches, organisations are mandated to comply with privacy acts and regulatory requirements to prevent risks and safeguard the data. Significant fines for violating data privacy legislation aren’t the only reason businesses should strengthen personal data security, but also keeping in mind the exploitation of customers personal data which is highly critical to business.


The importance of data used across various industries and handled by the users are highly critical, this data handling weakness or data loss will affect the consumers faith on the organisation which in turn determines the company profit. The global privacy landscape is constantly evolving. It leaves companies and privacy professionals with the tough challenge of ensuring that their security posture is strong, compliant, and resilient in nature to safeguard the data from any unknown /unexpected disruptions. Privacy needs and data protection requirements will continue to increase in complexity as the regulatory landscape expands its reach and controls worldwide.

Data Privacy

Some of the current Data Privacy risks and challenges:

  1. Gaining clear visibility of data present within the organisation
  2. Embedding data privacy within the existing security design of the organisation
  3. Complying to various Privacy Acts and Regulatory requirements across the Geos
  4. Ransomware attacks
  5. Cross Boarder Data Transfer
  6. Insider Threats
  7. Unauthorised access controls
  8. Inadequate Data Privacy Training and Awareness is weak
  9. Emerging new technologies like AI, IoT, ML, Cloud computing etc.

There are various other privacy risks in the current threat landscape like exploitation of personal data, inadequate data security and weakness in privacy Governance. Data breaches or ransomware attacks are major challenges as they can expose personal data to potential misuse. Privacy trends are changing and developing different functionalities and models to data-centric protection controls such as CASB, and other privacy-preserving techniques for establishing collaborative data relationships with enterprises, such as embedding privacy principles in the current enterprise network, Privacy by design, Data Encryption, AI governance, applying threat intelligence etc.

With the evolving threats and vulnerabilities in the data protection space, there are some emerging trends in data privacy which we need to understand and adapt to with the right level of data protection controls to reduce threats.

Some of the emerging trends are :

Data Privacy

1. Increased regulatory expectations and Demand

In the recent past, the focus on personal data protection and enabling stringent data security controls has grown intensively across all Geos. The legislation to secure the protection of data and privacy are not resilient in nature currently, however, organisations are struggling to overcome evolving privacy risks and staying compliant to regulatory requirements. Regulations are becoming more specific, and ambiguities are getting tighter to safeguard the data from any internal/external threats. There is a rapid progress among regulators in strengthening regulatory oversight across geographies to enable smooth cross boarder communications and data safety.

2. Data localisation

The most important part of data localisation is managing the overall data within the country to avoid issues related to cross boarder transfer without proper due diligence, data leaks, identity thefts, insider threats, data security etc. Data localisation helps the organisations to get more visibility on available data and easier to maintain. It’s getting adapted by organisations across the Geos to limit the physical storage and data processing within the boundaries of the jurisdiction. Many countries have implemented data localization process to reduce concerns over free data flow.

3. Artificial Intelligence and Machine learning adaption

The EU Artificial Intelligence Act is set to be established and released soon to match the emerging vulnerabilities accompanied with the AI Ops technology. This privacy act will classify AI applications into three risk categories and will apply to manufacturers of connected products.  The three categories are:

  • Unacceptable / Critical Risk – AI systems found to be highly critical in nature and they are mostly used in critical infrastructures that could put the business at high risk if exploited or attacked.
  • High risk – This includes tools like CV assessment software. These will be closely monitored.
  • Low risk – These are all other apps that the AI Act doesn’t explicitly address.

4. Privacy by Design

Privacy by Design is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure, and business applications.  It’s involved in creating an engineering base privacy risk aware culture to handle data security in a very effective manner.

5. Zero Trust Security Model

Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. A Zero Trust model is a process defined to safeguard the data against ransomware, cyber-crimes, and cybersecurity threats by allocating the minimum required access to perform specific tasks.

In 2023, there will be a significant increase in the data privacy legislations, legal and regulatory requirements across the globe to safeguard the data. It is also expected to have high stringent rules that’s required for the organisations to follow overseen by regulators, there would be a development of privacy regulations at Geo levels specific to their environment, more investment in privacy by design and privacy technology, a trend toward a cookie less future, and other developments.

About the Author :

Cyber security

Ms. Kavitha Srinivasulu
Global Head – Cyber Risk & Data Privacy – BFSI R&C
Tata Consultancy Services


Ms. Kavitha Srinivasulu has around 20+ years of experience focused on  Cybersecurity, Data Privacy & Business Resilience across BFSI, Financial  services, Retail, Manufacturing, Health care, IT Services and Telecom domains. She has demonstrated her core expertise in Risk Advisory, Business Consulting and Delivery assurance with diverse experience across corporate and Strategic Partners.She is a natural leader with versatility to negotiate and influence at all levels.

The views and opinions expressed by Ms. Kavitha Srinivasulu in this article are only from her personal side and not representing her company viewpoints or sharing any of her customers views.

Ms. Kavitha Srinivasulu is Bestowed with the following Licenses & Certifications :



Ms. Kavitha Srinivasulu can be contacted at :

LinkedIn : https://www.linkedin.com/in/kavitha-srinivasulu-5619ab7/

Also read Ms. Kavitha’s earlier article: