{"id":576974,"date":"2025-06-15T19:38:10","date_gmt":"2025-06-16T02:38:10","guid":{"rendered":"https:\/\/www.genesys.com\/blog\/post\/navigating-the-new-era-of-security-privacy-and-compliance"},"modified":"2025-06-15T19:39:01","modified_gmt":"2025-06-16T02:39:01","slug":"navigating-the-new-era-of-security-privacy-and-compliance","status":"publish","type":"blog","link":"https:\/\/www.genesys.com\/en-sg\/blog\/post\/navigating-the-new-era-of-security-privacy-and-compliance","title":{"rendered":"Navigating the New Era of Security, Privacy and Compliance"},"content":{"rendered":"

[vc_row][vc_column][vc_column_text css=””]Data privacy regulations are evolving across jurisdictions and countries and increasing in their scope. At the same time, artificial intelligence (AI) is accelerating risk exposure. This can put organisations under pressure to not only protect their environments but also prove that they\u2019re doing so. That requires more than just putting an “X” in your compliance checkbox.<\/span><\/p>\n

Security, privacy and compliance concerns are operational realities. Regulatory frameworks like the EU AI Act<\/a>, Digital Operational Reliance Act (DORA)<\/a>, EU GDPR<\/a>, EU Data Act, Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA) require demonstrable compliance \u2014 and enforcement is escalating. A data breach today doesn\u2019t only result in financial penalties; it could damage a company\u2019s reputation and trigger customer flight in an era where switching providers is easier than ever.<\/span><\/p>\n

As businesses look to scale securely and responsibly<\/a>, several capabilities will be essential to running compliant operations. These include the ability to verify how vendors implement security controls and handle sensitive data, how AI models are trained and used<\/a>, what safeguards are in place, what documentation is available for due diligence and the vendor\u2019s approach to supporting its customers\u2019 due diligence process.<\/span><\/p>\n

This article explains why your organisation needs user-friendly tools to help close the information gap in order to reduce risks with AI and strengthen compliance strategies.<\/span>[\/vc_column_text][vc_row_inner][vc_column_inner][vc_column_text css=””]<\/p>\n

Increasing Adoption of Directives and Regulations<\/span><\/h3>\n

Privacy is one of the two primary areas of the global regulatory environment. While the GDPR in the EU led the way in privacy regulations eight years ago, other regions and states are quickly catching up with their own privacy laws. This includes Australia, several countries in Asia and California.
\n<\/span>
\nWithin the EU, several cloud providers have announced plans for EU Sovereign Cloud services. The Genesys Cloud<\/a><\/span>\u2122<\/span><\/sup> platform is already available in 14 core regions and Genesys has announced plans to deploy Genesys Cloud on EU Sovereign Cloud, providing our customers with more deployment options to meet regulatory and preferred compliance requirements.<\/span><\/p>\n

Because of such strict regulations and directives, the public is increasingly aware of privacy as it relates to their digital footprint and their rights to have it secured. On top of the directives and regulations around privacy are the evolving challenges of AI, the second primary area of global regulations.<\/span>[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][vc_row_inner][vc_column_inner][vc_column_text css=””]<\/p>\n

Handling Data in the Era of AI<\/span><\/h3>\n

Public awareness of privacy rights extends to AI, and the knowledge that the information they input into an AI system could be used elsewhere. It\u2019s not necessarily private and there aren\u2019t necessarily \u201cring fenced\u201d systems protecting it.
\n<\/span>
\nOne of the purposes of the EU AI act is to categorise AI systems, how they can be used and their levels of risk. For example, scanning people\u2019s faces in a public place is categorised as an unacceptable risk and is therefore prohibited.<\/span><\/p>\n

Systems categorised as high and medium risk still have transparency and other obligations, and some seemingly low-risk AI systems could fall into a higher risk category under certain use cases. Details like these are causing businesses to look more closely at the controls they need around AI.<\/span><\/p>\n

The complexity and speed of change can make it difficult to manage controls \u2014 especially for those with limited resources. As the enforcement dates of new regulations draw closer, so does the potential risk of heavy fines. If a company hasn\u2019t kept on top of its training and education \u2014 or maybe isn\u2019t aware of every new law coming out \u2014 there can be pressure to get up to speed quickly.<\/span><\/p>\n

Larger corporate entities and certain vertical industries, such as healthcare or financial services, tend to be better prepared for these directives because they\u2019re under more scrutiny by regulators for their management of sensitive data. But not all of them are fully prepared \u2014 and neither are many small and medium-sized businesses. These smaller businesses might be going through impact assessments and trying to understand if their customer data is at risk. And if so, what do they need to do about it?<\/span>[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][vc_row_inner][vc_column_inner][vc_column_text css=””]<\/p>\n

Manually Managing Compliance Opens the Door to Risks<\/span><\/h3>\n

Businesses are doing a lot of manual work to keep up with security, privacy and compliance regulations, especially with the increasing risks of non-compliance. In some cases, rather than mandating a data protection officer or a data privacy officer, which many businesses have, regulators are now pointing to C-level executives and board members as the liable parties if there\u2019s a breach.
\n<\/span>
\nThere\u2019s also mandatory training for executives. At a minimum, executives must understand the framework of what’s being introduced, and that information must cascade down to the rest of the business.<\/span><\/p>\n

In addition to the financial fines that can impact profitability, there\u2019s also a massive risk to reputation. Nobody wants their data stored at a company known for a data breach.<\/span><\/p>\n

The speed of negative news can translate into fast and massive cancellations of a company\u2019s products and services. Month-to-month subscription models are common in consumer entertainment and other industries, making it very simple for customers to move on to your competitor. Once you\u2019ve lost trust, it can be costly to regain.<\/span>[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][vc_row_inner][vc_column_inner][vc_column_text css=””]<\/p>\n

Build Customer Trust with a Vendor You Can Trust <\/span><\/h3>\n

Any business looking for assistance with their compliance and security issues should look carefully at how vendor solutions use data and the guardrails around its use. It\u2019s not enough to merely see on a vendor\u2019s website that they have a specific certification and accept a claim as validation that the vendor is compliant.
\n<\/span>
\nThis was the driver behind the<\/span> Genesys Security, Privacy and Compliance (SPC) Portal<\/span><\/a>, which provides up-to-date compliance documentation and certifications to our partners and direct customers\u2014all in one central location. The portal includes attestations of compliance, penetration testing reports, Data Protection Impact Assessment (DPIA), Transfer Impact Assessment (TIA), AI model Cards (transparency reports) and best practices documentation. It also has in-depth details, including videos on topics like the encryption used by the Genesys Cloud platform, Genesys SDLC approach.<\/span><\/p>\n

Beyond some of the use cases listed above, the SPC Portal includes a COE AI assistant to help improve efficiency and make search a better self-service experience, as it surfaces answers from multiple applicable managed sites and resources within Genesys.<\/span><\/p>\n

Other trial tools in the Portal, available through a signed Free Trial Agreement, demonstrate how the Genesys Cloud APIs can be used to give you a deeper look into your own organisation. For example, you might use the tools to:<\/span><\/p>\n