TrustArc and the International Association of Privacy Professionals (IAPP) has announced the results of new research that examined how privacy technology is bought and deployed to address privacy and data protection challenges. Findings show that products that help businesses discover and map data flows top the list of purchase plans and that the privacy team is playing a larger role in privacy tech purchasing decisions as organizations navigate a complex field of regulations.
“As the number of privacy regulations grows, organizations must contend with the complexity of managing an increasingly fragmented privacy regulatory landscape,” said Chris Babel, CEO, TrustArc. “These rapid regulatory changes make cross-regulation management more difficult. As a result, organizational leaders are purchasing technology that can streamline the process of building global privacy compliance at scale, while turning more to privacy and data protection professionals for purchase input.”
The increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient. With the entry of GDPR last year, privacy technology solutions were pushed into prime time. Not only do privacy professionals need tools to organize and record data mapping and inventory exercises, as well as systems for conducting privacy impact assessments, they also increasingly require support with consent management, cookie compliance and data subject access requests (DSAR). The latter is becoming increasingly critical with the impending implementation of the California Consumer Privacy Act (CCPA).
“This survey encapsulates the priorities and decision-making process organizations are pursuing to ensure ingrained privacy and compliance,” said Trevor Hughes, CIPP, CEO, IAPP. “By providing a better understanding of the practices followed across the industry, the survey results can help organizations benchmark, budget, and plan for how to use and deploy technology to enhance their privacy programs.”
Key findings from the survey include:
Data mapping, data discovery, assessment management, and individual rights are top growing privacy tool categories:
- The top purchase plans for the next twelve months include Data Mapping / Flow (24%), Data Discovery (23%), Assessment Management (20%) and DSAR / Individual Rights (18%).
- Compared to last year’s survey, demand for Privacy Legal Updates and Information Management solutions has grown by 5%.
- Survey results showed similar privacy tech-purchasing habits among companies, regardless of size or whether in highly regulated (e.g., financial and health) or non-regulated industries.
Privacy department plays large role in purchase process:
- Privacy teams are the leading decision input for 9 of the 11 tool categories; The top four include Program Assessments (37%), Legal Updates (36%), Data Mapping (31%), and Individual Rights (31%).
- Privacy teams are the top budget sources for Privacy Assessment (51%), Privacy Legal Updates (45%), Individual Rights (41%), Data Mapping (35%), and Data Subject Consent (34%) tools.
To download the complete findings, click here.
About the Research
The survey was fielded in March 2019 to the IAPP’s Daily Dashboard newsletter, which reaches 46,000 subscribers from around the globe. The results are based on the response from 345 privacy professionals (primarily in-house, consultants and legal) based in the U.S. (45%), EU/Non-UK (28%), UK (12%), Canada (6%), Asia Pacific (5%) and Other (5%). While all key industry sectors were represented among the respondents, the five top industries were software and services (17%), consulting services (13%), legal services (10%), health care/pharmaceutical (8%) and financial services (6%).
The eleven technology categories surveyed were: Network activity monitoring, Secure enterprise communications, Website scanning and cookie compliance, Privacy legal updates and information management, Incident response, Privacy program assessment and management, Data mapping and data flow, DSAR/individual rights management, Data subject consent, Personal data discovery, and De-identification/pseudonymity.
TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions, that together address all phases of privacy program management. The TrustArc Platform, fortified over eight years of operating experience, across a wide range of industries and client use cases, along with our extensive services, leverage deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn.
About the IAPP
The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally. More information about the IAPP is available at iapp.org.