IAPP & TrustArc Research: Part I – The Growing Demand for Privacy Technology Solutions

The increasing complexity of conducting business in the digital world has resulted in the need for organizations to adopt solutions that demonstrate compliance. Consumers care now more than ever what happens with their data when they use these services. The seemingly never-ending announcements of global privacy frameworks make matters even more challenging (and dare we say it, costly). The old days of spreadsheets and Word documents are simply not up to the demands of the modern digital ecosystem.

For the second year running, the IAPP together with TrustArc surveyed 345 privacy professionals around the globe to gain an understanding of how privacy technology products are purchased and deployed within an organization. In this 3-post blog series, we will discuss the findings of this data and how you can use these data points in your organization. 

Similar to last year’s survey, it is clear that certain technologies belong to the information technology and information security side of the organization, while others clearly fall under the privacy team’s domain. Perhaps the most notable finding from this report is that privacy and data protection professionals increasingly have input into certain privacy technology purchases, though they often have less budgetary control. Of all 11 categories of products surveyed, these privacy teams are most interested in data mapping and data flow management, privacy program management, legal updates, and individual rights management. In fact, the survey showed that these were the top 4 privacy tools that privacy teams specifically planned to purchase within the next 12 months. 

In line with last year’s results, enterprise-wide technologies that increase security or affect an organization’s IT architecture have a more mature standing in the marketplace. A vast majority of respondents have purchased, tested and implemented network activity monitoring and secure enterprise communications and thus have no plans to purchase such tools in the near future. Mimicking the trend of security, privacy tools are speculated to grow in adoption over the next several years.

The biggest driver for privacy tech adoption is the need to demonstrate compliance. With the arrival of the EU General Data Protection Regulation and other more recent privacy laws, including the California Consumer Privacy Act, the need to demonstrate compliance has grown in significance in the last year. This is only the beginning of regional regulations on privacy. In order to keep up with the quickly growing list of laws and regulations, organizations will require technology that offers scalability and efficiency, while guiding them toward privacy compliance. 

In Part II of this series, we will discuss how top technology choices compare between the IT office and the Privacy office, as well as deployment strategy across top privacy tools.

Learn more about how your peers are buying and deploying privacy technology by downloading the report.

 

New IAPP and TrustArc Benchmarking Research Highlights Growing Demand for Technology Solutions to Help Organizations Keep Pace With New Privacy Laws


TrustArc and the International Association of Privacy Professionals (IAPP) have announced the results of new research that examined how privacy technology is bought and deployed to address privacy and data protection challenges. Findings show that products that help businesses discover and map data flows top the list of purchase plans and that the privacy team is playing a larger role in privacy tech purchasing decisions as organizations navigate a complex field of regulations.

“As the number of privacy regulations grows, organizations must contend with the complexity of managing an increasingly fragmented privacy regulatory landscape,” said Chris Babel, CEO, TrustArc. “These rapid regulatory changes make cross-regulation management more difficult. As a result, organizational leaders are purchasing technology that can streamline the process of building global privacy compliance at scale, while turning more to privacy and data protection professionals for purchase input.”

The increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient. With the entry of GDPR last year, privacy technology solutions were pushed into prime time. Not only do privacy professionals need tools to organize and record data mapping and inventory exercises, as well as systems for conducting privacy impact assessments, they also increasingly require support with consent management, cookie compliance and data subject access requests (DSAR). The latter is becoming increasingly critical with the impending implementation of the California Consumer Privacy Act (CCPA).

“This survey encapsulates the priorities and decision-making process organizations are pursuing to ensure ingrained privacy and compliance,” said Trevor Hughes, CIPP, CEO, IAPP. “By providing a better understanding of the practices followed across the industry, the survey results can help organizations benchmark, budget, and plan for how to use and deploy technology to enhance their privacy programs.”

Key findings from the survey include:

Data mapping, data discovery, assessment management, and individual rights are top growing privacy tool categories:

  • The top purchase plans for the next twelve months include Data Mapping / Flow (24%), Data Discovery (23%), Assessment Management (20%) and DSAR / Individual Rights (18%).
  • Compared to last year’s survey, demand for Privacy Legal Updates and Information Management solutions has grown by 5%.
  • Survey results showed similar privacy tech-purchasing habits among companies, regardless of size or whether in highly regulated (e.g., financial and health) or non-regulated industries.

Privacy department plays large role in purchase process:

  • Privacy teams are the leading decision input for 9 of the 11 tool categories; the top four include Program Assessments (37%), Legal Updates (36%), Data Mapping (31%), and Individual Rights (31%).
  • Privacy teams are the top budget sources for Privacy Assessment (51%), Privacy Legal Updates (45%), Individual Rights (41%), Data Mapping (35%), and Data Subject Consent (34%) tools.

To download the complete findings, click here.

About the Research

The survey was fielded in March 2019 to the IAPP’s Daily Dashboard newsletter, which reaches 46,000 subscribers from around the globe. The results are based on the response from 345 privacy professionals (primarily in-house, consultants and legal) based in the U.S. (45%), EU/Non-UK (28%), UK (12%), Canada (6%), Asia Pacific (5%) and Other (5%). While all key industry sectors were represented among the respondents, the five top industries were software and services (17%), consulting services (13%), legal services (10%), health care/pharmaceutical (8%) and financial services (6%).

The eleven technology categories surveyed were: Network activity monitoring, Secure enterprise communications, Website scanning and cookie compliance, Privacy legal updates and information management, Incident response, Privacy program assessment and management, Data mapping and data flow, DSAR/individual rights management, Data subject consent, Personal data discovery, and De-identification/pseudonymity.

About TrustArc

TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions, that together address all phases of privacy program management. The TrustArc Platform, fortified over eight years of operating experience, across a wide range of industries and client use cases, along with our extensive services, leverage deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn.

About the IAPP

The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally. More information about the IAPP is available at iapp.org.

TrustArc Partnering with IAPP to Benchmark Privacy Tech Adoption


As privacy tech continues to proliferate and embed itself in day-to-day privacy functions in the enterprise, the IAPP, together with TrustArc, seeks feedback to better understand how privacy pros are adopting the privacy tech tools outlined in our Privacy Tech Vendor Report. This year’s survey builds on a similar one we did last year looking at how privacy tools are acquired and deployed. Now, with obligations that both the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are imposing on organizations, are we seeing a move toward greater tech adoption?

The survey should only take about 10 minutes, and as with all IAPP surveys, your answers will be kept strictly confidential and the results will be analyzed in the aggregate only, with no responses linked to you personally. Questions about this survey can be sent to research@iapp.org.

Take the privacy tech adoption survey here.

CCPA and GDPR Compliance Report: New Research Measures Compliance Status and Plans for CCPA and GDPR (Part 3 of 3)


The European Union’s (EU) General Data Protection Regulation (GDPR) has been occupying the minds of privacy professionals for the past two years and now attention is shifting to the California Consumer Privacy Act (CCPA). The CCPA is the toughest US privacy regulation to date and its impact will be felt by almost every organization that does business in California or handles personal information of California citizens.

To understand the readiness and plans for businesses to meet the January 1, 2020 deadline for the CCPA, Dimensional Research conducted this research among 250 US privacy professionals from Feb 15th – 27th, 2019. The online survey was fielded to IT and legal professionals at a fairly-evenly mixed target group of small (500 to 1,000 employees), mid-sized (1,000 to 5,000 employees) and large (over 5,000 employees) companies. Half the companies were subject to both the GDPR and CCPA, and the other half were only subject to the CCPA. A total of 250 executives, team managers and individual team contributors from companies in the financial services, technology, manufacturing, business services, energy and utilities, healthcare and other key industries completed the survey. All respondents were from the US.

Some sample questions we set out to answer with the survey were: Approximately how much of your GDPR program do you expect to leverage for CCPA? What areas will your company be investing in to prepare for CCPA? How much does your company expect to invest in CCPA-related privacy compliance expenses in 2019? How is the need for technology and tools used to manage data privacy changing at your company?

Our previous posts in this series discussed companies’ current CCPA compliance status and how companies plan to invest in order to achieve and maintain compliance.

Key Takeaway # 3: The top reason for investing in CCPA is to meet customer and partner expectations

As is evident from this survey, data protection management and compliance with the California Consumer Privacy Act (CCPA) will be a challenging task. Most companies are planning to invest in external resources. There are varying reasons for investing in CCPA compliance, but the reason that tops the chart is to meet customer / partner requirements (62%). Other popular reasons for investing in compliance are meeting internal reporting requirements, supporting company values, and fines or class action lawsuits.


The survey also reveals that 88% of respondents will require help to meet CCPA compliance, 45% of whom need technology and tools to automate and operationalize privacy management.


Download the full report here.

TrustArc has a comprehensive set of privacy management solutions to help you manage your data privacy management program. We have solutions to help you with all phases of CCPA and GDPR compliance. We can help you build a plan and processes; implement controls and tools; and manage and demonstrate ongoing compliance. Solutions include the TrustArc platform and consulting services. To learn more about how TrustArc solutions can help your company prepare for the CCPA, request a demo today!

 

CCPA and GDPR Compliance Report: New Research Measures Compliance Status and Plans for CCPA and GDPR (Part 2 of 3)


The European Union’s (EU) General Data Protection Regulation (GDPR) has been occupying the minds of privacy professionals for the past two years and now attention is shifting to the California Consumer Privacy Act (CCPA). The CCPA is the toughest US privacy regulation to date and its impact will be felt by almost every organization that does business in California or handles personal information of California citizens.

To understand the readiness and plans for businesses to meet the January 1, 2020 deadline for the CCPA, Dimensional Research conducted this research among 250 US privacy professionals from Feb 15th – 27th, 2019. The online survey was fielded to IT and legal professionals at a fairly-evenly mixed target group of small (500 to 1,000 employees), mid-sized (1,000 to 5,000 employees) and large (over 5,000 employees) companies. Half the companies were subject to both the GDPR and CCPA, and the other half were only subject to the CCPA. A total of 250 executives, team managers and individual team contributors from companies in the financial services, technology, manufacturing, business services, energy and utilities, healthcare and other key industries completed the survey. All respondents were from the US.

Some sample questions we set out to answer with the survey were: Approximately how much of your GDPR program do you expect to leverage for the California Consumer Privacy Act (CCPA)? What areas will your company be investing in to prepare for CCPA? How much does your company expect to invest in CCPA-related privacy compliance expenses in 2019? How is the need for technology and tools used to manage data privacy changing at your company?

Part 1 of this 3 part blog post series discussed where companies are at in terms of CCPA compliance and how GDPR compliance has provided some companies with a head start. Read part one here.

Key takeaway # 2: 72% of companies plan to invest in technology to help prepare for the CCPA

As is evident from this survey, data protection management and compliance with the California Consumer Privacy Act (CCPA) will be a challenging task. Most companies are planning to invest in external resources including technology solutions and consulting services. Of the 250 respondents, 72% say that they are preparing to invest in Technology and Tools followed by 61% in Consultants, 55% in External legal expertise and 45% in Internal Hiring.


Companies are also expecting significant costs in order to comply with the CCPA: 71% of the respondents expect to spend more than six figures in CCPA-related privacy compliance expenses in 2019 – and 19% expect to spend over $1 million.


Download the full report here.

TrustArc has a comprehensive set of privacy management solutions to help you manage your data privacy management program. We have solutions to help you with all phases of CCPA and GDPR compliance. We can help you build a plan and processes; implement controls and tools; and manage and demonstrate ongoing compliance. Solutions include the TrustArc platform and consulting services. To learn more about how TrustArc solutions can help your company prepare for the CCPA, request a demo today!
