IAPP & TrustArc Research
The increasing complexity of conducting business in the digital world has resulted in the need for organizations to adopt solutions that demonstrate compliance. Consumers care now more than ever about what happens with their data when they use these services.
The seemingly never-ending announcements of global privacy frameworks make matters even more challenging (and, dare we say it, costly). The old days of spreadsheets and Word documents are simply not up to the demands of the modern digital ecosystem.
Growing Demand for Privacy Technology Tools to Demonstrate Compliance
For the second year running, the IAPP and TrustArc surveyed 345 privacy professionals around the globe to gain an understanding of how privacy technology products are purchased and deployed within an organization.
Similar to last year’s survey, it is clear that certain technologies belong to the information technology and information security side of the organization, while others clearly fall under the privacy team’s domain.
Perhaps the most notable finding from this report is that privacy and data protection professionals increasingly have input into certain privacy technology purchases, though they often have less budgetary control.
These privacy teams are most interested in data mapping and data flow management, privacy program management, legal updates, and individual rights management.
In fact, the survey showed that these were the top 4 privacy tools that privacy teams specifically planned to purchase within the next 12 months.
In line with previous results, enterprise-wide technologies that increase security or affect an organization’s IT architecture have a more mature standing in the marketplace.
A vast majority of respondents have purchased, tested and implemented network activity monitoring and secure enterprise communications and thus have no plans to purchase such tools in the near future.
Mimicking the trend of security, privacy tools may are speculated to grow with adoption over the next several years. The biggest driver for privacy tech adoption is the need to demonstrate compliance.
With the arrival of the EU General Data Protection Regulation and other more recent privacy laws, including the California Consumer Privacy Act, the need to demonstrate compliance has grown in significance in the last year.
This is only the beginning of regional regulations on privacy. In order to keep up with the quickly growing list of laws and regulations, organizations will require technology that offers scalability and efficiency, while guiding them toward privacy compliance.
Privacy Tech Preferences by the IT Office and the Privacy Office
Privacy Tech Decision Making
Not surprisingly, the Privacy/Data Protection teams are most frequently involved in decision making for privacy-specific product categories such as privacy program assessment and management.
What is most interesting about the results this year is the spread across IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams. This indicates that several business units are stakeholders of privacy.
Privacy Tech Budget Sources
In contrast to the teams involved in making decisions on privacy technology acquisition, the budgets used to purchase these tools are almost exclusively tied to IT, InfoSec, and Privacy/Data Protection.
IT and InfoSec have a reputation for large budgets, and more recently are concerning themselves with privacy by design, which may play a role in sourcing these teams to secure budget for privacy technology.
Privacy Tech Usage
What is perhaps the most interesting part are the findings related to usage of privacy tech tools.
While IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams are decision makers (to some degree), the usage of certain product categories is heavily found within Privacy/Data Protection team.
- Gather the right stakeholders for the product categories which you’re most interested in.
- Budget is the biggest barrier for privacy tech adoption. Create partnerships with IT, InfoSec, and Privacy/Data Protection teams. If needed, get creative with leveraging other teams such as Marketing.
- Consider allowing the Privacy/Data Protection team to drive the privacy technology initiative, as they will have the best understanding of how to make the most of privacy technology tools.
Top Three Fastest Growing Privacy Tech Tools in 2019
The increasing complexity of business coupled with a growing list of global privacy frameworks has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient.
In fact, according to the report, 92% of organizations say need to demonstrate compliance is motivation for technology adoption.
To help manage this complex regulatory landscape, privacy professionals have turned to tech tools.
The top purchase plans for the next twelve months include a spread across 11 different product categories, but the fastest growing are data mapping / flow (24%), data discovery (23%), and assessment management (20%).
Why Data Mapping and Data Flow?
One of the most important steps to build and manage a data privacy program is to create an inventory of all of the personal data processing activities within a company.
If an organization does not know the type of data they collect and how it’s shared, processed and stored; or the data inflows and outflows, it is difficult to know if they meet the requirements of the privacy frameworks that impact their business.
It is also difficult to know where data resides
in order to be able to efficiently respond to situations where individuals may exercise their personal data rights, for example, data subject access requests (DSAR).
As privacy and data protection regulations expand, companies need to demonstrate how they reduce and manage risk. Building and maintaining a data inventory is an essential first step.
EU GDPR and CCPA are two examples of regulations which rely heavily on a comprehensive data inventory to support risk management, compliance reporting and responding to individual rights and DSARs.
Why Personal Data Discovery?
With regulations like GDPR and CCPA, individuals have the right to request personal data collected on them.
Anytime this happens, privacy professionals are forced to spend countless hours looking for personally identifiable information (PII) of customers, employees and partners.
To alleviate these time-consuming activities, privacy pros are turning to privacy tech tools with the right integrations and automation in all the right places.
Why Privacy Program Assessment and Management?
No matter what industry you are in, the size of your organization, or the maturity of your privacy program, conducting regular privacy assessments is important to understand and ensure compliance.
These assessments need to address a wide range of legal requirements and best practices and will help build an action plan to identify gaps and define and manage remediation activities.
