Building Innovative Tech While Complying With Privacy Regulations

In recent years, protecting consumer data has not only been a major concern for consumers themselves, but also for government bodies around the globe. The EU’s General Data Protection Regulation and the California Consumer Privacy Act are two of the most prominent examples of legislation designed to ensure consumers have more insight into and control over their data and that any information they choose to share is safeguarded by the businesses that collect it.

Most technology companies have welcomed the guidance and clarity provided by carefully crafted legislation, but even so, there’s no doubt that complying with varying (and growing) national and regional privacy statutes brings an added layer of challenge when building new technologies. Below, 20 members of Forbes Technology Council share strategies to help tech companies balance pursuing innovation and ensuring compliance to continue to grow and serve their customers.

1. Prioritize Consumer Ownership And Consent

Companies must prioritize consumer ownership of their data and their consent to its use. Empowering users with greater control over their data and enabling them to make informed decisions about how data sharing benefits them fosters a customer-centric approach to innovation. This approach aligns technology benefits directly with the needs and preferences of users, building trust and driving sustainable growth. – Christina Cai, Lydia AI

2. Embrace Privacy By Design

The privacy-by-design approach is one strategy every company should adopt to address the challenge of balancing innovation and compliance. The principles of this approach include being proactive, not reactive; having privacy as the default setting; embedding privacy into product design; ensuring end-to-end security and transparency; and respecting users’ privacy by offering strong privacy defaults, appropriate notice and so on. – Velu Palani, HCSC

3. Implement Protection Practices In The Early Stages Of Development

Companies trying to balance innovation and compliance with data privacy rules should implement data protection concepts and practices in the early stages of development. Ensure your products and services comply with data privacy rules from the outset. This reduces future changes and increases users’ and regulators’ trust, enabling innovation in a secure and compliant framework. – Mike Housch, Dark Matter Technologies

4. Keep Your Users Close Throughout The Process

Bring your developers and your users together to talk directly as early as possible in the design process to identify privacy opportunities and risk factors in the product’s intended features. Then, be sure to keep the data owners as close as possible throughout the design process. – Molly Rauzi, Gagen MacDonald

5. Allow Users To Opt In; Purchase Existing Data

Regulations such as the GDPR are necessary with the increased blurring of the line between ethics and innovation. Allowing users to opt in when collecting new data continues to be an ethical and accepted strategy, along with buying existing opted-in data from credible sources. I also foresee improved machine learning models that can operate with far fewer datasets, shifting the mindset that more data is necessarily better for predicting outcomes. – Preeti Shukla, JustFund

6. Respect Your Users

It is not just privacy by design that is needed—one has to treat the users of one’s service with the respect one would want for oneself. A new service model involving deep respect for users and their data is key to reimagining the internet and the Web the way people want them to be and ensuring the internet remains a platform for innovation and creativity. – Andrew Sullivan, Internet Society

7. Be Transparent About Data Collection And Use

Companies must be transparent about the data they collect and how they use it. This approach requires auditing policies, communicating protections clearly to users and developing products using only essential data. Ensuring that external data processors also adhere to privacy regulations can expand a company’s ability to innovate while responsibly leveraging data. – Dan Pinto, Fingerprint

8. Include A Range Of Data Management Capabilities In New Designs

Considering changes in regulation around data privacy, such as the EU’s new NIS2 Directive, it is imperative for companies to incorporate privacy by design into their software development processes. As new applications are being developed, engineers need to include such capabilities as data inventory, encryption in transit and rest, data purge capabilities, and role-based access control mechanisms. – Carlos Morales, Vercara

9. Implement Encryption And Key Management Solutions

A robust data protection strategy is essential for companies looking to successfully strike this balance. Implementing encryption and key management solutions as part of this strategy ensures sensitive data and all paths to it remain protected while meeting compliance and best practice requirements, providing companies with a secure and controlled environment for innovation to thrive. – Todd Moore, Thales Group

10. Leverage Visibility Controls

Embrace privacy as an opportunity—rather than viewing privacy regulations as obstacles, see them as opportunities to build trust with your customers. Leverage visibility controls to monitor and manage access to sensitive data. By implementing granular access controls, you can limit data visibility to authorized users, reducing the risk of unauthorized exposure. – Ganesh Kirti, TrustLogix

11. Seek To Fulfill One Or Two Critical Principles Of Data Privacy

Data privacy regulations revolve around the principles of data capture, processing, retention and, most critically, distribution. Look to fulfill one or two of these principles, as an attempt to cover all of them will lead to gaps. This is especially true given the ever-changing amendments to regulations and, hence, the need for continuous alignment. – Sameer Zaveri,

12. Conduct A Cost-Benefit Analysis

Identify areas where you can invest a small amount—say, 10 cents—in innovative technologies that help meet privacy regulations while still generating significant revenue (say, $1.10 per customer). Such trade-offs can help reduce your liability and expedite your project’s time to market. Additionally, it’s crucial to anticipate your regulatory responsibilities to meet audit standards and regulatory expectations. – James Beecham, ALTR

13. Make Robust Data Privacy A Differentiator For Your Brand

Today, having a well-thought-out privacy and cybersecurity approach to data collection is a brand differentiator. Instead of thinking of it as a blocker or a cost, think of it as part of your brand and just build it into your processes (particularly product development). Make sure your marketing content highlights your efforts. – Caroline McCaffery, ClearOPS

14. Employ A Multicloud Storage Strategy

Compliance regulations often require organizations to store and process data within specific geographical regions or comply with multiple data sovereignty laws. Employing a multicloud strategy can allow organizations to select cloud or on-premises providers with data centers in different locations, enabling compliance with regional and international data residency requirements. – Thomas Robinson, Domino Data Lab

15. Use An Event Bus Architecture

Consider using an event bus architecture that requires individuals to subscribe to data or information updates. This way, you know where your data is going and how it is being utilized. Employ an architecture that enables people to get real-time access to the data they need and does not allow access unless you know who is accessing it and why. – Richard Ricks, Silver Tree Consulting and Services

16. ‘Shift Left’

By “shifting left” and adopting a privacy-by-design approach, integrating data protection measures (such as automating policies and controls), and encouraging cross-functional collaboration between appropriate business lines from the outset, tech companies can use compliance to fuel innovation, align and adapt to regulations, and—perhaps most importantly—build trust among users. – Kim Bozzella, Protiviti

17. Minimize Data Collection And Use

If your business model doesn’t hinge on profiting off of user data, there’s no need to collect and store it for a prolonged period of time. Collecting minimal data allows you to avoid compliance headaches and minimize the damage of a potential data breach. With blockchain and modern transport protocols, you can build apps that require no phone number or email for account registration. – Konstantin Klyagin, Redwerk

18. Appoint A Go-To Privacy Expert

Assign a dedicated privacy role. This can be a part-time task for someone on your legal or product management team. Having a go-to person for privacy issues ensures teams are educated and guided on these matters. This individual doesn’t need to have all the answers but should have the resources and knowledge to find them, keeping product development aligned with data privacy regulations. – Ilia Sotnikov, Netwrix

19. Engage In Policy Discussions

Picture steering a ship through uncharted waters—that’s how we navigate the sea of data privacy regulations. Our strategy? We’re not just map readers; we’re cartographers. We proactively shape our tech landscape by engaging in policy discussions, ensuring our innovative solutions are compliant by design, not as an afterthought. – Sandro Shubladze, Datamam

20. Make Privacy Your Top Priority, Not Just An Equal Priority

Asking how to balance innovation with compliance is the wrong question. Instead, we should ask, “How can companies put privacy at the center of their thinking and their development to create products and services that balance innovation with a deep respect for individual privacy needs?” That will lead to innovation that benefits society rather than weakens it. – Tod Loofbourrow, ViralGains

This article originally appeared on Forbes.