New IAPP and TrustArc Benchmarking Research Highlights Growing Demand for Technology Solutions to Help Organizations Keep Pace With New Privacy Laws

TrustArc and the International Association of Privacy Professionals (IAPP) has announced the results of new research that examined how privacy technology is bought and deployed to address privacy and data protection challenges. Findings show that products that help businesses discover and map data flows top the list of purchase plans and that the privacy team is playing a larger role in privacy tech purchasing decisions as organizations navigate a complex field of regulations.

“As the number of privacy regulations grows, organizations must contend with the complexity of managing an increasingly fragmented privacy regulatory landscape,” said Chris Babel, CEO, TrustArc. “These rapid regulatory changes make cross-regulation management more difficult. As a result, organizational leaders are purchasing technology that can streamline the process of building global privacy compliance at scale, while turning more to privacy and data protection professionals for purchase input.”

The increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient. With the entry of GDPR last year, privacy technology solutions were pushed into prime time. Not only do privacy professionals need tools to organize and record data mapping and inventory exercises, as well as systems for conducting privacy impact assessments, they also increasingly require support with consent management, cookie compliance and data subject access requests (DSAR). The latter is becoming increasingly critical with the impending implementation of the California Consumer Privacy Act (CCPA).

“This survey encapsulates the priorities and decision-making process organizations are pursuing to ensure ingrained privacy and compliance,” said Trevor Hughes, CIPP, CEO, IAPP. “By providing a better understanding of the practices followed across the industry, the survey results can help organizations benchmark, budget, and plan for how to use and deploy technology to enhance their privacy programs.”

Key findings from the survey include:

Data mapping, data discovery, assessment management, and individual rights are top growing privacy tool categories:

  • The top purchase plans for the next twelve months include Data Mapping / Flow (24%), Data Discovery (23%), Assessment Management (20%) and DSAR / Individual Rights (18%).
  • Compared to last year’s survey, demand for Privacy Legal Updates and Information Management solutions has grown by 5%.
  • Survey results showed similar privacy tech-purchasing habits among companies, regardless of size or whether in highly regulated (e.g., financial and health) or non-regulated industries.

Privacy department plays large role in purchase process:

  • Privacy teams are the leading decision input for 9 of the 11 tool categories; The top four include Program Assessments (37%), Legal Updates (36%), Data Mapping (31%), and Individual Rights (31%).
  • Privacy teams are the top budget sources for Privacy Assessment (51%), Privacy Legal Updates (45%), Individual Rights (41%), Data Mapping (35%), and Data Subject Consent (34%) tools.

To download the complete findings, click here.

About the Research

The survey was fielded in March 2019 to the IAPP’s Daily Dashboard newsletter, which reaches 46,000 subscribers from around the globe. The results are based on the response from 345 privacy professionals (primarily in-house, consultants and legal) based in the U.S. (45%), EU/Non-UK (28%), UK (12%), Canada (6%), Asia Pacific (5%) and Other (5%). While all key industry sectors were represented among the respondents, the five top industries were software and services (17%), consulting services (13%), legal services (10%), health care/pharmaceutical (8%) and financial services (6%).

The eleven technology categories surveyed were: Network activity monitoring, Secure enterprise communications, Website scanning and cookie compliance, Privacy legal updates and information management, Incident response, Privacy program assessment and management, Data mapping and data flow, DSAR/individual rights management, Data subject consent, Personal data discovery, and De-identification/pseudonymity.

About TrustArc

TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions, that together address all phases of privacy program management. The TrustArc Platform, fortified over eight years of operating experience, across a wide range of industries and client use cases, along with our extensive services, leverage deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn.

About the IAPP

The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally. More information about the IAPP is available at

TrustArc General Counsel and Chief Data Governance Officer Hilary Wandall Keynote Panelist at IAPP Asia Privacy Forum 2018 – Event Recap

Hilary speaking on closing panel.

This year the IAPP Asia Privacy Forum was held July 23rd to July 24th at the Marina Bay Sands located in Singapore’s central business district. This beautiful venue was a great stage for the discussions about everything from “Mapping APEC to the GDPR” to “Trans-Border Data Flow and Cross-Border Data Breaches.”

Our General Counsel and Chief Data Governance Officer Hilary Wandall was a panelist during the keynote closing session on July 24th. Hilary and fellow panelists David Alfred (Chief Counsel, Legal,Personal Data Protection Commission, Singapore), Keith Enright (Legal Director, Privacy, Google), Huey Tan (APAC Senior Privacy Counsel, Apple), and moderator Bojana Bellamy (President, Centre for Information Policy Leadership, Hunton Andrews Kurth), discussed “Incentivising Accountability & Certifications as Enablers for Global Data Flows.”  Each panelist discussed what accountability means on a high level, and how it works in practice.

At TrustArc, we have been enabling companies to demonstrate accountability since our first certification program in 1997 – our “Website Privacy Certification.” Since then the privacy landscape has changed. Data privacy laws and frameworks have evolved with companies’ increased business focus on using personal data. In turn, TrustArc Certifications and assurance programs have also evolved to support privacy’s importance in conducting business today.

Hilary discussed how companies can scale their privacy programs by using solutions that implement controls with global regulations and frameworks in mind, thereby taking advantage of commonalities between various regulations and frameworks. One way that TrustArc assessments help companies demonstrate accountability is by infusing privacy expertise into rules, guidance, tasks, and remediation recommendations as well as the privacy advisories we provide to our clients.

She also highlighted the importance that technology plays in companies’ privacy programs today, underscored by the recent research conducted by the IAPP and TrustArc. One finding that illustrates privacy’s importance today is that companies have implemented, or plan to implement privacy technology in eight of the ten privacy tech categories in the research study: network activity monitoring, security enterprise communications, website scanning/cookie management, incident response management, privacy information management, privacy program assessment management, data mapping & flow, and personal data discovery. What’s more, privacy’s role in the purchasing decisions of this technology is growing.

Well planned privacy programs implemented with technology are necessary to keep pace with today’s reliance on data driven businesses. TrustArc will continue to innovate solutions that help companies demonstrate accountability through certifications and assurance programs as well as reporting aligned with specific regulatory requirements, such as demonstrating records of data processing and effective risk mitigation through data protection impact assessments.