Go Back
Blog

3 Expert Predictions on Where International Privacy Regulations Are Heading in 2023 and Beyond

Check out this blog post to learn what international privacy experts expect to see as regulations and threats continue to evolve over the coming years.

Keeping up with international privacy regulations can feel like trying to hit a moving target. To help organizations move from reactive panic to proactive preparation, Exterro’s The Future of Privacy webinar series brought together global experts to forecast the landscape for 2023 and beyond.

Here are the three critical predictions and expert recommendations for navigating the "International Privacy Landscape of Tomorrow."

Prediction 1: The "Data Sovereignty" Shift

The core philosophy of the GDPR—that personal data belongs to the subject, not the organization—is becoming the global standard. This concept is the "North Star" for new legislation in both international jurisdictions and U.S. state laws (like the CPRA).

  • The Logic: If the data belongs to the individual, then consent, the right to access (DSARs), and the right to deletion are not just regulatory hurdles—they are fundamental rights.
  • Expert Recommendation: "Have people, processes, and technology in place to address the fundamental aspects of privacy like informed consent and data subject access requests." — Xavier Alabart, The Privacy Aces GmbH.

Prediction 2: Harmonization Toward the "Gold Standard"

Privacy laws are not at their final evolution. We are currently in a period of "harmonization" where divergent regional laws are converging toward a set of practical, high-standard best practices.

  • The Logic: Organizations crave certainty. By adopting the most stringent "gold standard" regulations (like GDPR) as a baseline, businesses can future-proof themselves against upcoming regional changes.
  • Expert Insight: "The laws as they exist today are not the end of the road. Prepare for the strong regulatory regimes as laws will tend to converge toward 'gold standard' regulations." — Ben Crew, FTI Consulting.

Prediction 3: A More Diverse and Dangerous Threat Landscape

The assumption that data is only "compromised" if it is stolen (exfiltrated) has been shattered by the rise of ransomware, which focuses on denying access to data for profit.

  • The Logic: As organizations create more value from their data, the incentive for bad actors to exploit that data—via new sources, new data types, and new technologies—increases exponentially.
  • Expert Recommendation: "As organizations gather more data and create more value from the data they have, threat actors will seek to exploit it. Prepare response plans and train for incidents, because they will happen eventually." — Tim de Sousa, FTI Consulting.

Prepare for Tomorrow, Today

Reactive compliance is no longer a sustainable business model. By understanding that data belongs to the subject, preparing for the "gold standard" of regulation, and hardening your incident response plans, you can find a moment to breathe in an otherwise spinning industry.

Resource: Download the Infographic: The International Privacy Landscape of Tomorrow

Redefining how your business manages data risk.
Get Started
Mitigating enterprise data risk.
ResourcesBlogPodcastCase StudiesWhitepapers
ProductseDiscoveryDigital ForensicsData GovernancePlatform & Intelligence
IndustriesFinancial Services & InsuranceHealthcare & Life SciencesEnergy & UtilitiesGovernment & Public Sector
CompanyNews & PressCareersTrust CenterContact Us
© 2026 Exterro. All rights reserved
Trust CenterModern Slavery StatementPrivacy PolicyWebsite Terms of Use
Do Not Sell or Share My Personal Information