The Call for Legal and Compliance to Minimize Data Privacy Risk

Legal and compliance leaders should build a culture of responsible data use to maintain customer trust and control and prevent data breaches.

Peter, a new sales associate at a food and beverage company, copied part of the client database onto his personal device so he could work while on the road. His USB drive is not encrypted, and without realizing it, he has exposed the company to a higher risk of a serious data breach.

Employees are the biggest source of privacy risk. In fact, 59% of privacy incidents originate with an organization’s own employees. Worse still, 45% of employee-driven privacy failures stem from intentional behavior (though it may not be malicious).


Often, business leaders take a reactive approach, or don’t consider this risk to be a problem until it’s too late. This approach does not serve them well, as privacy and data protection become more complex as organizations move more applications to cloud providers, adopt postmodern enterprise resource planning (ERP) strategies and start platform businesses.

Who owns privacy management?

Gartner research predicts that by 2021, more than 60% of large organizations will have a privacy management program fully integrated into the business, up from 10% in 2017. For many organizations, the responsibility for privacy is either unclear or misguided, or both. The answer: Leaders from across the organization have a role to play in translating requirements and prioritizing risk mitigation action.

Similar to how executives approached data security 10 years ago, privacy management is often addressed after the fact and not embedded into the application life cycle. Legal and compliance leaders must ensure that all departments across the business use data correctly.

“Champion a change in mindset from compliance, certification and the avoidance of fines, to the responsible and ethical use of an individual’s data,” says Bart Willemsen, VP Analyst, Gartner. “This will result in increased trust in your applications, systems and your organization as a whole, while delivering positive-sum outcomes.”

What legal and compliance leaders should do

As legal and compliance leaders responsible for data strategy and governance, you can minimize risk and maximize trust by doing four things:

  1. Create a culture of consistent, responsible data use with senior leaders across all areas of your organization by following the seven principles of privacy by design.
  2. Work with privacy professionals to build a base level of privacy knowledge and monitor the effectiveness of training.
  3. Work with application leaders to review your application portfolio and retain strategic application vendors that share your approach to responsible data use.
  4. Work with application leaders to use alpha and beta testers and focus groups (preferably composed of customers, partners and employees) in the development of new application functionality and in reviewing existing application functionality.

Gartner for Legal & Compliance Leaders can read more in Working With GDPR: How Legal and Compliance Leaders Can Improve Data Protection.
