Preparing For Shifting Data Privacy Laws: Data Leader Perspective

About this report

Data collection: February 2nd – May 1st, 2023

Respondents: 200 IT and data and analytics leaders involved in data governance and compliance at their organization

The legal landscape of data privacy is becoming more complex as regions bring new and sometimes conflicting laws into effect. How are data leaders approaching new and changing data privacy laws at their organizations?

One minute insights:

  • Organizations collect multiple types of data and must contend with a variety of regional data privacy laws
  • Despite the challenging landscape for data privacy laws, leaders are confident they can keep up with compliance
  • Managing a data team through changing laws requires speed, clear communication and cross-functional collaboration
  • Leaders are preparing for new and changing data privacy laws by conducting mandatory training and adopting data governance frameworks
  • Respondents’ visions for the future of data privacy include dreams of more coordinated laws across regions and technology that can help them keep up with compliance

Organizations are managing a complex landscape of multiple types of data and regional privacy laws

91% of respondents indicate that their organization collects internal data about employees and operations.

What types of data does your organization collect? Select all that apply.


Most respondent organizations (91%) collect more than one type of data among internal data, customer data, and product and services data.

Number of data types collected at respondent organizations


Percentages calculated based on responses to “What types of data does your organization collect?”. Three types of data collected: Respondents who selected all three options. Two types of data collected: Respondents who selected any two of the three options. One type of data collected: Respondents who selected any one of the three options.

In addition, 81% of all respondents say their organization must contend with data privacy laws across multiple regions.

Does your organization have to contend with data privacy laws across multiple regions?


n = 200

Respondents who have managed a team through changing data privacy laws say the need for clarity, speed and agility was an important lesson

Just over half (53%) of respondents have had to manage a data team through a change in data privacy laws.

Have you previously had to manage a data team through a change in data privacy laws?


n = 200


Lessons Learned: Don’t waste time. Establish processes and automate where possible

Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?

Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”

n = 106

Start as early as aware so as to allow ample time for all necessary teams to make changes!

Director, software industry, 1,000 - 5,000 employees

Having a well documented data model is critical. Centralizing information for reporting and automating that reporting is key to avoid overloading operations teams.

Director, telecommunications industry, 10,000+ employees

Creativity in compliance is a major positive factor. How you solve a particular compliance requirement makes a huge difference in ongoing compliance and overall cost.

VP, healthcare industry, 5,000 - 10,000 employees

Most organizations are compliant with current data privacy laws and respondents are confident they can keep up with changing laws

75% of all respondents say their organization has achieved compliance with all required data privacy laws, with 31% following additional best practices.

What level of compliance has your organization achieved with current applicable data privacy laws?


n = 200

Note: May not add up to 100% due to rounding

Most respondents (58%) feel moderately confident about their organization’s ability to achieve compliance as laws are introduced or updated. Only 4% feel slightly or moderately concerned.

How do you feel about your organization’s ability to achieve compliance as laws are introduced or updated?


Note: May not add up to 100% due to rounding

Lessons Learned: Keep it focused and actionable

Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?

Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”

n = 106

Get a clear baseline, identify your gaps so you know what you are working towards.

Director, manufacturing industry, 1,000 - 5,000 employees

Be specific of the scope as well as the impact of the change, and focus on the most critical/impactful data assets.

VP, arts and entertainment industry, 5,000 - 10,000 employees

Focus on the specifics of what needs to be done and put them into achievable/measurable tasks.

C-suite, manufacturing industry, 5,000 - 10,000 employees

Tracking and complying with changing data privacy laws often involves collaboration with privacy, legal and/or compliance teams

The most common methods to keep track of new and changing data privacy laws are ad-hoc collaborations. 73% said they collaborate with privacy, legal or compliance teams in this way, and 42% said they collaborate with security and/or risk teams.

40% of respondents have an established steering committee involved in keeping track of data privacy law changes.

How do you keep track of new and changing data privacy laws that apply to your organization? Select all that apply.


n = 200

Other 0%

For 37% of respondent organizations, the ultimate responsibility for ensuring compliance with data privacy laws lies with privacy, legal and/or compliance teams. 29% say it is a collaborative effort across governance, risk and compliance.

Who is ultimately responsible for ensuring compliance with data privacy laws at your organization?


Lessons Learned: Good communication and cross-functional collaboration are a must

Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?

Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”

n = 106

Ensure that legal is part of the team or in collaboration with the team.

C-suite, educational services industry, 5,000 - 10,000 employees

[Make] people understand the ramification of the law and how to mitigate it: what are the risks and what will be the impact of those risks.

Director, finance industry, 1,000 - 5,000 employees

Provide training resources and FAQs to all team members. Provide an outlet for questions and management of issues.

Director, professional services industry, 10,000+ employees

Most organizations do not have a data ethics committee, but data teams are adopting initiatives to prepare for changing data privacy laws

Only 28% of all respondents say their organization has a data ethics committee.

While 35% plan to implement such a committee, nearly as many (31%) do not.

Does your organization have a data ethics committee?


n = 200

Note: May not add up to 100% due to rounding

Most leaders whose teams are adopting initiatives in preparation for new or changing data privacy laws (n = 157) indicate that their data team adopted mandatory data privacy training for employees (54%). Other commonly adopted initiatives among respondents include data governance framework implementation (45%) and privacy impact assessments (31%).

What initiatives has your data team adopted to prepare for new or changing data privacy laws? Select all that apply.


n = 157

Implement privacy portal or hub 21% | Improve data process documentation 21% | Determine data ownership 17% | Define procedures for data subject requests 15% | Implement Zero Trust architecture 13% | Appoint or hire role dedicated to data governance 10% | Streamline data workflows and mapping 9% | Replace direct identifiers with pseudonyms 4% | Other 0%

All respondents; Excluding those who selected “We are already fully prepared” and those who selected “No specific initiatives at this time”

Dream scenarios for the future of data privacy laws

Question: What is your dream scenario for the future of data privacy laws?

n = 200

That a global standard can be achieved and maintained. The regional differences and changing regulations and requirements cause many issues and productivity loss.

VP, software industry, 5,000 - 10,000 employees

The Data Ethics Committee becoming a driving force in the company strategy and data privacy processes becoming a relevant competitive advantage of our company.

C-suite, transportation industry, 10,000+ employees

They would become more centralized and streamlined. Ideally they would not contradict one another like they do today. In some cases to become compliant with one law, you have to break another that is trying to accomplish the same thing, only a bit differently.

Director, manufacturing industry, <1,000 employees

A data management platform [...] embedded with data privacy and enforcement features that is dynamically aware [of] the changing data privacy landscape, and it is also integrated with data workflows.

VP, arts and entertainment industry, 5,000 - 10,000 employees

Respondent Breakdown


Note: May not add up to 100% due to rounding
