How well does your company embrace data privacy?
We know that data privacy is complex.
Even the most seasoned privacy experts agree it’s challenging to stay on top of ever-changing privacy laws, such as updates to the European Union’s (EU) General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
So it’s not surprising that compliance with recent regulations was reported as the number one privacy risk by participants in TrustArc’s 2022 Global Privacy Benchmark Survey.
Compliance tops data privacy risks
In fact, four of the top nine data privacy risks nominated by respondents to our 2022 Benchmark Survey are related to compliance in some way:
- Complying with recent regulations that have been put into force or will be in 2022 (37%)
- Implementing new cross-border data transfer mechanisms across geographies (22%)
- Maintaining a patchwork of separate local privacy compliance requirements (11%)
- Compliance risks from regulatory oversight and penalties (10%)
- Reputational risks from social media (6%)
- Third-party risk and resilience in your supply chain management (5%)
- Technology shifts (e.g., third-party cookies, Google changes to cookie collection) (4%)
- Threats from within by employees (4%)
- Maintaining a patchwork of privacy solutions that are difficult to integrate with one another (3%).
(Note: The results show the percentage of respondents who ranked a risk as their number one risk in the privacy challenges they face.)
But managing privacy is more than just compliance with data laws
Organizations that embrace privacy know it’s no easy feat. It demands a constant and vigilant data security stance across almost every part of the business.
Arguably, the term “privacy compliance” falls short.
While governments continue to update existing data privacy laws and draw up new regulations, keeping abreast of data privacy laws is a key priority.
However, the challenges and opportunities associated with managing sensitive data extend well beyond managing compliance.
Here is why:
The pandemic accelerated digital transformation – and data privacy risks
Certainly, the pandemic made managing data privacy even more difficult.
Most organizations were forced to rely heavily on third-party technologies to keep their people connected and collaborating on day-to-day business activities.
This immediately raised concerns about vendor risk management and other third-party risk as employees and business partners shifted to online-first ways of working, often involving personal data connections and devices outside an organization’s immediate control.
Similarly, organizations that accelerated their digital transformation plans to serve customers online-first (especially while access to physical premises was restricted) had to update not only their protective measures when handling more data, but also their policies and day-to-day processes.
Now, as more people have returned to work at their employers’ premises, companies must deal with extra data privacy challenges related to managing COVID-19 risks, such as recording and reporting employee body temperature data or testing results.
Digital transformation means privacy management costs more
As more organizations adopt new digital tools to improve their operations and competitiveness, we’ve seen privacy management move up the budget priority list.
Historically, securing budget for more leaders, resources and activities related to privacy management was a mammoth task.
Back in 2020, when TrustArc conducted the first annual Global Privacy Benchmark Survey, we found that although the pandemic put a dent in privacy spending, more than two-fifths (41%) of respondents expected to maintain increased privacy budgets.
Now we are seeing even more organizations invest in the people, technologies and third-party guidance they recognize they need to improve their privacy programs.
Pleasingly, companies aren’t driven merely by a fear of privacy regulators, but by the advantage they see in treating privacy as a core value instead of an afterthought.
TrustArc’s seven keys to strengthening your data privacy stance
In each year that our annual Global Privacy Benchmark Survey has been conducted, we have reported that measurement is a vital contributor to successfully improving privacy.
Still, we’ve also found that although medium and large enterprises commonly have privacy offices and measurement methods in place, there is wide variation in where these privacy teams fit in their organizations.
We’ve also found there isn’t a consensus – yet – on the best ways to manage and measure privacy.
We recommend that privacy becomes a core part of business strategy, with a strong privacy stance directed from the top and managed well at every level of an organization.
In our experience, companies that get it right build greater trust inside and outside their organizations and gain big competitive advantages.
The seven keys are:
- Making sure privacy is an important consideration in day-to-day business decisions
- Having the Board of Directors regularly review and discuss privacy matters
- Pursuing privacy as a core part of business strategy
- Embracing privacy practices as a key differentiator
- Being mindful of privacy as a business
- Ensuring every employee can formally raise a privacy issue with confidence that there will be no reprisal
- Sufficiently training employees in privacy matters.
Three important reasons to embrace data privacy
1. Build consumer trust
In 2020 TrustArc invited our customers (via third-party customer validation tool TechValidate) to share their views on why having a strong privacy program was important to their company.
The overarching sentiment from TrustArc customers is that having a strong privacy program means customers of their businesses can trust their data handling practices without fear of breaches or misuse.
Such a sentiment shows many organizations are genuinely putting consumers first when investing in privacy programs to enhance their digital offerings.
It’s not about checking a box for compliance: it’s about fostering deep trust between consumers and the company.
These companies know consumers are now much more aware of data privacy risks and care about how their personal data is used.
Therefore, reputational damage from a breach of data privacy laws can be just as crippling as a regulatory fine.
In the TechValidate survey, a data protection officer at a medium enterprise consumer products company that works with TrustArc stated that,
“A strong privacy program goes beyond regulation and is built on a culture of data ethics. It is part of building and sustaining customer and employee trust.”
2. Privacy is now a major competitive differentiator
As data privacy matters to more people, organizations must adopt a stronger privacy stance across every part of their businesses involving digital technology and data.
We believe privacy can be a source of innovation, instead of an innovation killer. Your organization can make your privacy stance a major competitive differentiator by:
- Embracing a strong culture of proper data privacy ethics; and
- Ensuring privacy is deeply rooted in every product and service.
A great example of a company making its privacy stance public to gain consumer trust appeared in 2019, when Apple promoted privacy as a key message in its marketing campaigns for the iPhone.
Early that year Apple announced its intentions at CES (Consumer Electronics Show) in Las Vegas with a neat twist on the infamous Sin City catchphrase: “What happens on your iPhone, stays on your iPhone.”
Later in 2019, Apple amplified its privacy message in a well-produced video highlighting all the ways we expect privacy in our daily lives (tinted windows, locks, document shredders, etc.) and confidently declared:
“If privacy matters in your life, it should matter to the phone your life is on. Privacy. That’s iPhone.”
Apple’s promotion of its privacy stance was a clear acknowledgement that privacy factors strongly into a consumer’s purchasing decision and that Apple wanted to prove it was better than its competitors at giving consumers the privacy they want.
3. Privacy is not a fad
People’s expectations for organizations to properly manage and protect their data privacy aren’t going to shrink just because more of their lives are powered by digital technologies.
Privacy isn’t a fad that will go out of fashion.
Consumers are increasingly aware of data privacy laws and demand that organizations respect their privacy or face the consequences.
This means all organizations need to stay on top of changes in data privacy laws around the world and prove they are meeting people’s demands and rights to privacy if they want to maximize consumer trust and minimize risk.