Complicated Compliance Made Easy

In 2018, a global Web Index survey found that 70 percent of internet users in the UK and US were more concerned about their online privacy than they had been the previous year. In fact, 78 percent of respondents to a Ping Identity survey said that they would no longer engage with a brand online if the company had experienced a security breach, and 36 percent said they would stop engaging with the brand altogether. 

These are the harsh realities of customer perception that organizations are facing. With an increasingly strict regulatory environment adding to customer distrust, companies are looking for ways to improve their data stewardship.

Prime time for privacy technology
A recent TrustArc report in conjunction with the International Association of Privacy Professionals (IAPP) identified a clear need for privacy pros to assess and manage their privacy programs using technology, while also mapping data flow. The results are telling – with the introduction of the GDPR, technology that helps businesses keep up with the myriad of global regulations in an increasingly digital world is in high demand.

The days of using spreadsheets and Word documents to benchmark regulatory compliance are gone: these methods are simply no match for the stresses and requirements of the modern digital ecosystem.

As more and more privacy regulations adopt some aspects of the GDPR’s Data Subject Access Request (DSAR) provision, privacy professionals are increasingly keen on purchasing DSAR technology. This follows the natural progression of enterprise privacy compliance - locate personal data, map the flow of that data, create a framework to manage and assess privacy compliance, then be prepared to respond to your users. Not unlike consent management, DSARs can be difficult to operationalize, but with growing interest, adoption is likely to continue.

Generally, as the number of privacy regulations grows, companies are having to deal with an increasingly fragmented regulatory landscape, which has turned cross-regulation management into a near-impossible task. As a result, purchasing technology to streamline the process of building global privacy compliance at scale has become a priority for many company leaders - and turning to privacy and data protection professionals for purchase input has also become more common.

Controlling the budget
While the input of privacy and data professionals might have increased - one-quarter of the IAPP survey respondents said the privacy/data protection office is involved in the decision to acquire and use tools - they often still have limited budgetary control. More often it is the IT or infosec departments that make the buying decisions for security tools, including secure enterprise communications, network activity monitoring, incident response, de-identification/pseudonymity, website scanning and cookie compliance, and personal data discovery. Unfortunately, the lack of budget and resources is a major barrier to privacy tech adoption.

The competitive edge
The need for privacy management has increased tenfold in the past few years, moving from protecting customer data to customers exercising control over their own data. What does this mean for business? A company that excels in data stewardship and is transparent with how data is collected and used has an edge over less trustworthy competition.

Owning lots of data obviously puts a company ahead of the game – increased insight can be a huge competitive advantage. Gartner analyst Saul Judah warns: “Effective governance is a critical success factor for data and analytics initiatives, and one of the most difficult challenges that organizations face.”

One of the main challenges is privacy and personalization, which, contrary to popular belief, do not need to be in conflict with each other. Good data stewardship allows for data to be leveraged to offer personalized products and services without breaching privacy regulations or jeopardizing the security of your customers’ data. 

Where are we now?
The IAPP report findings demonstrate that a shift in priorities has taken place. With enforcement activities ramping up and with laws like the CCPA about to come into effect, organizations are eager to make their best practice even better and ingrain privacy and compliance into their company ethos. These days, customers are no longer interested in lip service but will request proof of good data stewardship, resulting in the rise of DSAR technology.

Having recognized the need for technology to assess their privacy programs and map their data flow, businesses are changing the way the budget is distributed. However, the number one barrier to privacy technology adoption is still finance.

Having said that, change is clearly on the horizon - privacy teams are playing a bigger role in privacy tech purchasing decisions as businesses realize that the complex field of regulations requires as much expertise as possible. 
