We are excited to announce that TrustArc has been recognized as a Leader by Forrester Research in the Forrester Wave™: Privacy Management Software, Q1 2020!
According to Forrester, TrustArc’s “Market-leading privacy expertise permeates the product offering and in turn, creates a strong business vision and direction.” Forrester also noted that “leading-edge technology powers the TrustArc Privacy Platform,” which, “offers a customer onboarding experience that delivers highly relevant, customized, and actionable content.”
Forrester evaluated TrustArc’s Privacy Management Platform along with the offerings of 14 other vendors on over 25 different criteria in three groups: current offering, strategy, and market presence. TrustArc received the highest possible score in 12 criteria including the breadth of software, product strategy, vision, content, planned enhancements, market approach, innovation roadmap, and more.
The TrustArc Privacy Platform helps enterprises design and build privacy programs, assess and remediate risks, and manage ongoing privacy compliance. Recent platform extensions include automated solutions and partner integrations to further help companies manage privacy, including a first-of-its-kind automated Risk Profile and Privacy Profile.
We believe our placement highlights our success developing holistic solutions infused with privacy intelligence for creating ongoing scalable compliance and data protection programs. We thank our customers who provide innovative feedback and utilize our products to drive success in their businesses daily.
Download a free copy of the Forrester Wave™: Privacy Management Software, Q1 2020 ($2,995 value), here.
Download this report (a $2,995 value) for more information on the privacy management software landscape and to learn why TrustArc is a Leader.
TrustArc and the International Association of Privacy Professionals (IAPP) announced the results of new benchmarking research that examines the current state of privacy operations. The research shows that a majority of companies are adopting a single global data protection strategy to manage evolving legal requirements, and that managing the expanding ecosystem of third parties handling data has become a top priority.
“The data outlined in this study demonstrates, once again, that privacy is not a one-off endeavor,” said Trevor Hughes, CEO and president of the IAPP. “Privacy management is an increasingly complicated industry. As a result, the role of privacy professionals is taking center stage. Our research highlights how they must act as stewards for implementing the processes and technologies required to ensure scalable compliance across an ever-growing ecosystem of data from partners, customers, and vendors.”
Evolving Ecosystem of Partners, Customers, and Vendors Driving Risk Assessment Processes
Vendor and third-party risk assessments ranked first among privacy assessments globally, with 78 percent of U.S. respondents reporting that they now conduct them. That figure indicates the growing complexity of the ecosystem now impacting compliant data privacy management.
“The CCPA will be the toughest privacy law this country has seen to date, expanding the rights of consumers and their data,” said Chris Babel, CEO of TrustArc. “This survey reinforces what we continue to see and hear from our thousands of customers: that privacy management is getting more complex. That’s why we continue to lead the charge in building the technology solutions and enabling the infrastructure integrations necessary to make compliance automated and scalable.”
To understand the different types of privacy operations across regions, company size and industry, TrustArc and the IAPP surveyed close to 350 privacy professionals in the U.S., EU, UK and Canada.
Key findings from the survey include:
U.S. companies comply with more laws than EU counterparts, which focused primarily on GDPR
- 79% of respondents report complying with two or more privacy laws, while only 16% are focused on just one.
- 10% report actively working to comply with 50 privacy laws or more at once, while 13% are working on 6-10 laws, and another 13% on 11-49 laws.
- EU respondents were more likely to report actively working to comply with five or fewer privacy laws, while U.S. respondents were more likely than their EU counterparts to be complying with 11 or more laws.
- Significantly more EU+UK respondents (81%) conduct Data Protection Impact Assessments as compared to U.S. respondents (53%).
Majority pursuing a single, global data protection strategy
- 56% of respondents across all geographies are working toward a single, global data protection and privacy strategy for data subjects’ rights.
- Only 28% of U.S. companies and 21% of EU+UK companies categorize data subjects by jurisdiction and geography and handle each data subject’s data according to the laws that apply to that individual.
- A majority of EU+UK respondents report serving customers in only one region (22%) compared to U.S. respondents (11%).
Growing complexity is driving operational changes to privacy programs
- 42% deleted personal data more regularly; more so among EU+UK respondents (56%) than U.S. (44%).
- 21% converted from an opt-out to an opt-in email marketing strategy across geographies; vastly more so in the EU+UK (30%) compared to US respondents (13%).
To download the complete findings, click here.
About the Research
The survey was fielded in the fall of 2019 to the IAPP Daily Dashboard newsletter, which reaches more than 60,000 subscribers from around the globe. The results are based on responses from 327 privacy professionals (primarily in-house in privacy, legal and compliance functions) based in the U.S. (43%), EU/Non-UK (24%), UK (13%), Canada (9%), Asia (4%) and Other Countries (7%). Company size ranged between 1-250 employees (25%), 251-1,000 (17%), 1,001-5,000 (20%), 5,001-25,000 (19%), and 25,000+ (19%). Respondents represent a variety of industries, split between sectors traditionally regulated for privacy (e.g. health care, financial services and banking, insurance) at 35% and sectors traditionally not subject to privacy regulation (e.g. technology and software, manufacturing) at 33%. Those working in legal or consulting services made up 16% of respondents, with another 11% representing governmental or non-profit organizations.
After introducing the 2019 Privacy Tech Adoption Report in part I of this blog post series and illustrating the differences in buying roles between the IT office and the privacy office in part II, we are pleased to share the final post of this series. Part III of this blog series will share the top three fastest growing tech tools, and outline how you can gain influencing power when it comes to product acquisition.
The increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient. In fact, according to the report, 92% of organizations say the need to demonstrate compliance is a motivation for technology adoption. To help manage this complex regulatory landscape, privacy professionals have turned to tech tools. The top purchase plans for the next twelve months include a spread across 11 different product categories, but the fastest growing are data mapping / flow (24%), data discovery (23%), and assessment management (20%).
Why data mapping and data flow?
One of the most important steps to build and manage a data privacy program is to create an inventory of all of the personal data processing activities within a company. If an organization does not know the type of data it collects, how that data is shared, processed and stored, or what the data inflows and outflows are, it is difficult to know if it meets the requirements of the privacy frameworks that impact its business. It is also difficult to know where data resides in order to be able to efficiently respond to situations where individuals may exercise their personal data rights, for example, data subject access requests (DSAR). As privacy and data protection regulations expand, companies need to demonstrate how they reduce and manage risk. Building and maintaining a data inventory is an essential first step. The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two examples of regulations which rely heavily on a comprehensive data inventory to support risk management, compliance reporting and responding to individual rights and DSARs.
Why personal data discovery?
With regulations like GDPR and CCPA, individuals have the right to request personal data collected on them. Anytime this happens, privacy professionals are forced to spend countless hours looking for personally identifiable information (PII) of customers, employees and partners. To alleviate these time-consuming activities, privacy pros are turning to privacy tech tools with the right integrations and automation in all the right places.
Why privacy program assessment and management?
No matter what industry you are in, the size of your organization, or the maturity of your privacy program, conducting regular privacy assessments is important to understand and ensure compliance. These assessments need to address a wide range of legal requirements and best practices and will help build an action plan to identify gaps and define and manage remediation activities. This solutions brief reviews some of the most common types of privacy assessments and provides tips and tools on how to automate and efficiently manage the process.
Discover how your peers are buying and deploying privacy technology by downloading the report.
Want to learn more? Join us for a web conference: “How Privacy Tech Is Bought and Deployed (2019)” – Tuesday, Oct. 15, 2019
Sit down and listen to privacy leaders discuss findings from this report, as well as how these findings illuminate what we are seeing in the market. Register for this webinar to learn:
- What technology is truly in use versus what is still far from the mainstream.
- Which tools are better suited to reside within the privacy office rather than being housed in IT or infosec.
- How technologies with built-in security applications fare against newer privacy-office-specific solutions.
Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP
Jedidiah Bracy, CIPP, Editorial Director, IAPP
Hilary Wandall, CIPP/E, CIPP/US, CIPM, FIP, SVP Privacy Intelligence and General Counsel, TrustArc
Part I of this blog post series introduced the 2019 Privacy Tech Adoption Report, benchmarking how privacy tech is bought and deployed.
This blog post will illustrate the differences between the IT office and the privacy office when it comes to privacy tech preferences. Businesses can use this information in two ways: first, to compare their purchasing decisions amongst peers; second, to identify stakeholders across business units as privacy tech evaluation begins.
Privacy Tech Decision Making
The heat map below depicts the percentage of respondents that selected a particular team as the primary decision maker for each technology tested in the survey. Not surprisingly, the Privacy/Data Protection teams are most frequently involved in decision making for privacy-specific product categories such as privacy program assessment and management. What is most interesting about this heat map is the spread of light green across IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams. This indicates that several business units are stakeholders of privacy.
Privacy Tech Budget Sources
In contrast to the teams involved in making decisions on privacy technology acquisition, the budgets used to purchase these tools are almost exclusively tied to IT, InfoSec, and Privacy/Data Protection. IT and InfoSec have a reputation for large budgets, and more recently are concerning themselves with privacy by design, which may play a role in sourcing these teams to secure budget for privacy technology. The heatmap below illustrates the concentration of teams contributing to budgets for privacy technology.
Privacy Tech Usage
Perhaps the most interesting findings are those related to usage of the tools. While IT, InfoSec, Legal, Compliance, and Privacy/Data Protection teams are decision makers (to some degree), the usage of certain product categories is heavily concentrated within the Privacy/Data Protection team. The heatmap below depicts the spread of use across all business units tested in the survey.
Leverage these findings for your business by following the tips below.
- Gather the right stakeholders for the product categories which you’re most interested in. The first heatmap above can aid you in identifying who should be engaged for specific product categories.
- Budget is the biggest barrier for privacy tech adoption. Create partnerships with IT, InfoSec, and Privacy/Data Protection teams. If needed, get creative with leveraging other teams such as Marketing.
- Consider allowing the Privacy/Data Protection team to drive the privacy technology initiative, as they will have the best understanding of how to make the most of privacy technology tools.
Part III Coming Soon
In Part III of this series, we will discuss the top three fastest growing privacy tech tools, and how you can gain influencing power over product acquisition.
Learn more about how your peers are buying and deploying privacy technology by downloading the report.