TMCnet News
News release: Benchmarking research reveals an increased use in technology in businesses to achieve GDPR compliancePress Release New IAPP and TrustArc benchmarking research reveals increased use of technology to manage privacy operations Data mapping, data subject access rights requests and management data protection impact assessments have become common practice SAN FRANCISCO — December 5, 2018 —TrustArc, the leading data privacy management company, and the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community, have announced the results of new benchmarking research that examined the current state of privacy programme management. The research shows that critical activities such as creating data inventories, conducting data protection impact assessments (DPIA) and managing data subject access rights requests (DSAR) are now well established in large and small organisations in both Europe and the United States. To understand the different types of privacy and security operations, who is running them and where, TrustArc and the IAPP surveyed close to 500 privacy professionals in the U.S., EU, UK and Canada. Key findings from the survey include: Data inventory is becoming a standard privacy management practice ? 83% have created a data inventory of their business processing activities, which is a significant increase from the 43% of respondents who reported engaging in routine inventory and mapping exercises two years ago. ? 20% are using specialised data inventory and mapping software, up from 10% two years ago Individual rights / data subject access rights (DSAR) requests impacting most organisations ? 72% report receiving one or more DSAR requests since GDPR went into effect May 25, 2018. ? 47% receive 1-10 requests / month; 16% 11-99 requests / month; 9% 100 or more requests / month. ? 30% have partially automated DSAR management; 3% have fully automated and 57% are using a manual process. DPIAs are the most common type of privacy assessments ? 75% of respondents subject to the GDPR report they have completed one or more Data Protection Impact Assessments (DPIAs). ? 46% use technology tools for DPIA management, including 20% who use a specialised software solution; 47% use a manual process, down from 66% two years ago. ? DPIAs, Privacy Impact Assesments (PIAs), and Vendor / Third Party Risk are the most popular type of privacy assessments, and are used significantly more often than popular security assessments such as ISO 27001 and NIST. Data breach notification requirements impacting larger companies ? 27% of respondents from large organisations report filing one or more breach notifications vs 16% from small organisations. “Among our thousands of members, we know that privacy teams are now reporting on a regular basis to company leadership, and consequently they need to demonstrate results and a return on investment,” said Trevor Hughes, CEO and President of the IAPP. “With this new study, we are helping to identify and develop the metrics that our members require.” “GDPR, CCPA and other global privacy regulations have forced organisations to account for how they manage data,” said Chris Babel, CEO of TrustArc. “The results of this global survey reinforce the growing role of privacy management solutions in addressing these issues and the importance organisations are placing on demonstrating compliance to regulators and consumers.” To download the complete findings, please visit: https://info.trustarc.com/Web-Resource-2018-12-01-Privacy-Operations-ResearchReport_LP.html About the Research The survey was fielded from October 23 to November 6, 2018 to the IAPP Daily Dashboard newsletter, which reaches 41,000 subscribers from around the globe. The results are based on the response from 496 privacy professionals (primarily in-house, legal and consultants) based in the U.S. (39%), EU/Non-UK (32%), Canada (8%), UK (12%) and Other Countries (9%). Among the many industries represented in the survey, the five top industries were the software and services, business services and supplies, government, health care, and education/academia. About TrustArc TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions, that together address all phases of privacy programme management. The TrustArc Platform, fortified over eight years of operating experience, across a wide range of industries and client use cases, along with our extensive services, leverage deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimise risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn. For media inquiries, please contact: Fourth Day PR Xanthe Vaughan Williams, Jessica Gilbert [email protected] ; [email protected] About the IAPP The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organisation that helps define, support and improve the privacy profession globally. More information about the IAPP is available at iapp.org. For media inquiries, please contact: [email protected] [email protected] As a community-building service, TMCnet allows user submitted content which is not always proofed by TMCnet editors. If you feel this entry is of inferior quality or wish to report it for some reason, please forward the URL to "webedit [AT] tmcnet [DOT] com" with your comments. |