Preparing For Shifting Data Privacy Laws: Data Leader Perspective
The legal landscape of data privacy is becoming more complex as regions bring new and sometimes conflicting laws into effect. How are data leaders approaching new and changing data privacy laws at their organizations?
One minute insights:
- Organizations collect multiple types of data and must contend with a variety of regional data privacy laws
- Despite the challenging landscape for data privacy laws, leaders are confident they can keep up with compliance
- Managing a data team through changing laws requires speed, clear communication and cross-functional collaboration
- Leaders are preparing for new and changing data privacy laws by conducting mandatory training and adopting data governance frameworks
- Respondents’ visions for the future of data privacy include dreams of more coordinated laws across regions and technology that can help them keep up with compliance
Organizations are managing a complex landscape of multiple types of data and regional privacy laws
91% of respondents indicate that their organization collects internal data about employees and operations.
Most respondent organizations (91%) collect more than one type of data among internal data, customer data, and product and services data.
In addition, 81% of all respondents say their organization must contend with data privacy laws across multiple regions.
Respondents who have managed a team through changing data privacy laws say that clarity, speed and agility were important lessons
Just over half (53%) of respondents have had to manage a data team through a change in data privacy laws.
Lessons Learned: Don’t waste time. Establish processes and automate where possible
Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?
Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”
n = 106
Start as early as aware so as to allow ample time for all necessary teams to make changes!
Having a well documented data model is critical. Centralizing information for reporting and automating that reporting is key to avoid overloading operations teams.
Creativity in compliance is a major positive factor. How you solve a particular compliance requirement makes a huge difference in ongoing compliance and overall cost.
Most organizations are compliant with current data privacy laws and respondents are confident they can keep up with changing laws
75% of all respondents say their organization has achieved compliance with all required data privacy laws, with 31% following additional best practices.
Most respondents (58%) feel moderately confident about their organization’s ability to achieve compliance as laws are introduced or updated. Only 4% feel slightly or moderately concerned.
Lessons Learned: Keep it focused and actionable
Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?
Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”
n = 106
Get a clear baseline, identify your gaps so you know what you are working towards.
Be specific of the scope as well as the impact of the change, and focus on the most critical/impactful data assets.
Focus on the specifics of what needs to be done and put them into achievable/measurable tasks.
Tracking and complying with changing data privacy laws often involves collaboration with privacy, legal and/or compliance teams
The most common methods to keep track of new and changing data privacy laws are ad-hoc collaborations. 73% said they collaborate with privacy, legal or compliance teams in this way, and 42% said they collaborate with security and/or risk teams.
40% of respondents have an established steering committee involved in keeping track of data privacy law changes.
For 37% of respondent organizations, the ultimate responsibility for ensuring compliance with data privacy laws lies with privacy, legal and/or compliance teams. 29% say it is a collaborative effort across governance, risk and compliance.
Lessons Learned: Good communication and cross-functional collaboration are a must
Question: What is the most important lesson you learned about managing data teams through a change in data privacy laws?
Question shown only to respondents who answered “Yes” to the question “Have you previously had to manage a data team through a change in data privacy laws?”
n = 106
Ensure that legal is part of the team or in collaboration with the team.
[Make] people understand the ramification of the law and how to mitigate it: what are the risks and what will be the impact of those risks.
Provide training resources and FAQs to all team members. Provide an outlet for questions and management of issues.
Most organizations do not have a data ethics committee, but data teams are adopting initiatives to prepare for changing data privacy laws
Only 28% of all respondents say their organization has a data ethics committee.
While 35% plan to implement such a committee, nearly as many (31%) do not.
Most leaders whose teams are adopting initiatives in preparation for new or changing data privacy laws (n = 157) indicate that their data team adopted mandatory data privacy training for employees (54%). Other commonly adopted initiatives among respondents include data governance framework implementation (45%) and privacy impact assessments (31%).
Dream scenarios for the future of data privacy laws
Question: What is your dream scenario for the future of data privacy laws?
n = 200
That a global standard can be achieved and maintained. The regional differences and changing regulations and requirements cause many issues and productivity loss.
The Data Ethics Committee becoming a driving force in the company strategy and data privacy processes becoming a relevant competitive advantage of our company.
They would become more centralized and streamlined. Ideally they would not contradict one another like they do today. In some cases to become compliant with one law, you have to break another that is trying to accomplish the same thing, only a bit differently.
A data management platform [...] embedded with data privacy and enforcement features that is dynamically aware [of] the changing data privacy landscape, and it is also integrated with data workflows.