There has been no rest for privacy professionals coming out of last year’s GDPR compliance activities. With California (CCPA) and other jurisdictions bringing in new and/or amended privacy legislation, putting increasing demands on the privacy office, it isn’t surprising that privacy professionals are feeling anxious. What other challenges are privacy professionals facing in managing their privacy compliance efforts? What is the reality of where they are spending their time? How integrated is the rest of the business in privacy compliance activities?
To get to the heart of these questions, we launched our first Privacy Pulse survey this spring, in which we heard from over 100 North American privacy professionals.
What is the current pulse of the privacy office?
Privacy has become a more integral part of their business plan and strategy; however, more than half of respondents rated their business’ privacy knowledge at moderate to very low. While they would prefer to spend more of their time on privacy and compliance awareness and education, they are putting a significant amount of time and effort into documenting policies and procedures. This is carrying over to the functional business areas, which are also spending a substantial amount of their privacy compliance-related activities on documentation and data inventories.
The challenges with documentation may also be leading to difficulty with regulatory reporting, with an overwhelming number of survey respondents indicating it would take two or more days to report to regulators if required. This is surprising, as industry-leading software enables privacy professionals to report in minutes rather than days. Boards are also becoming more interested in privacy activities, requiring reporting at regular intervals, which reflects the elevated role of privacy in successful business strategy.
What does the future hold?
The role of the privacy office has gone through a renaissance over the last few years. As the regulatory environment has become more complex and the business impact of non-compliance has become more significant, privacy has evolved into an integral part of the overall business strategy and planning. There is an overwhelming belief that privacy will become increasingly integrated, or even embedded, into business operations. There is also a consensus that privacy will become more complex, and data governance will be increasingly important as additional data types such as geolocation, biometric and industrial internet of things data potentially come under the purview of data protection legislation.