Privacy and data protection are enforced by a growing number of regulations around the world. These predictions highlight for security and risk management leaders the correlation between new technology and regulatory impact, customer dependency, and commercial opportunity.
- People are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control.
- Myriad requirements protect privacy value and demand control over personal data throughout the data life cycle, forcing organizations to meet customer demand, demonstrate transparency and notice, use personal data purposefully, and exercise control over that data in every aspect of the life cycle.
- Regulations drive organizations to position a capable, empowered senior-level privacy officer to enable, monitor and enhance both compliance maturity and customer satisfaction.
- Subject rights request (SRR) and universal consent and preference management (UCPM) are among the tools purchased by organizations to establish and maintain their privacy programs. As the program evolves, additional technologies like pseudonymization, anonymization, masking and privacy preservation in analytics and business intelligence (ABI) become part of the program’s evaluation.
Gartner recommends security and risk management (SRM) leaders do the following:
- Drive the privacy program at scale by automating repetitive and high-traffic use cases. Two areas that represent opportunities for automation are SRRs and UCPM.
- Be proactive by adopting governance agility instead of responding to each jurisdictional challenge. To get ahead of the curve, build a holistic and adaptive privacy program that scales across the organization.
- Ensure privacy risk is observed and managed across the organization by appointing a privacy or data protection officer (DPO); or, if the span of control needed is too large for one person to oversee, establish a central privacy office.
- Pursue enhanced privacy management, compliance insight and privacy control over personal data by first using existing capabilities from bordering disciplines. Plan to spend additional budget on new capabilities.