According to the latest report from the International Association of Privacy Professionals (IAPP), the privacy technology market continues to show strong signs of growth, primarily driven by new compliance imperatives. Today, organizations have a lot more options when it comes to enterprise privacy tools.
The 2017 Privacy Tech Vendor Report from the IAPP analyzes the various classes of privacy tools that are now helping organizations reach their business and privacy management goals. The scale and scope of new tools being developed suggests a bright future for the privacy technology space, which could really explode into prominence in 2018.
The current and future drivers for the privacy technology market
The primary driver for the privacy technology market, of course, is the upcoming European General Data Protection Regulation (GDPR), which goes into effect in mid-2018. It’s impossible to talk about the future of the privacy technology market without focusing on the GDPR, which places an enormous compliance burden on organizations.
So it’s perhaps no surprise that a major focus of privacy technology vendors has been supplying the types of tools for organizations to reach full GDPR compliance. According to Jedidiah Bracy, Editor for Privacy Perspectives and Privacy Tech at the IAPP, “The GDPR is almost single-handedly driving the growth in privacy technology, and it hasn’t even come into force yet. It’s a little hard to speculate on non-compliance drivers when compliance is driving with a heavy foot on the gas and no stop signs anywhere in sight.”
For now, the enterprise space is where much of the new activity is happening. As Bracy suggests, scalability and efficiency are front and center when it comes to the adoption of privacy tools: “In the enterprise space and in addition to compliance needs, many of the privacy technology solutions we’ve seen also help the privacy office conduct operations at scale and more efficiently.”
The privacy technology market and the growth of innovative new technologies
According to the conventional wisdom, the GDPR will result in a chilling effect on technological innovation, especially with regard to technologies like artificial intelligence (AI) and machine learning, both of which are very dependent upon a free flow of data within the enterprise. However, as a roundtable of experts recently opined at a GDPR innovation briefing in Brussels, the opposite could be true: the GDPR could lead to a growth in the adoption rates of innovative technology.
The IAPP report echoes those findings. As the IAPP points out, privacy tools are evolving in ways that were not originally expected. For example, AI has shown surprising promise in helping organizations deal with the vast amount of data that they are creating, and then find a way to map it and extract value from it, such as through the development of new data-driven products.
As Bracy suggests, new AI technologies are actually very complementary to some of the privacy tools being developed for organizations: “In the enterprise space, some of those disruptive technologies, namely AI, are being leveraged to help organizations discover sensitive data they didn’t know they had, create dynamic data maps of where that data is located and flowing to and from.”
One important point to keep in mind, says Bracy, is that in order to reach full compliance with GDPR, organizations cannot work directly with the data of individuals without their specific consent. Thus, the race is on to alter or anonymize the data such that the identity of the original user is no longer known. The IAPP report mentions tools based around de-identification or pseudononymization technologies, as well as new types of consent technologies. As we’ve seen before with the healthcare and pharmaceutical markets, this is a compliance approach that is relatively convenient to implement, while not acting as a brake on innovation.
Privacy tools and the needs of privacy professionals
When thinking about the growth of the privacy tools market, it’s easiest to think in terms of a portfolio of tools that can be used for a variety of different purposes. For example, the IAPP report distinguishes between Enterprise Privacy Management (EPM) and Privacy Program Management (PPM) tools. The EPM tools represent a way to map data and extract the greatest value from it, whereas PPM tools are more aligned with the needs of privacy office professionals.
The goal, of course, is to use the right mix of tools from the portfolio at the right time. That’s why it’s so important to be aware of new trends in the privacy technology space, especially those being created for B2B organizations to maximize the value of their data.
Bracy acknowledges that EPM solutions, which are about value creation, can be harder to implement than PPM solutions, which are compliance-centric. EPM solutions generally involve buy-in from the IT department, the CISO/CIO, and others. But they are extremely promising once they are implemented: “Such solutions could be data discovery solutions that crawl through structured and unstructured data sets to locate sensitive personal data so organizations can triage risk… These help with compliance, sure, but they also provide business intelligence and help develop data-driven products that contribute to the bottom line.”
Future areas of innovation and development
However, while technology offers a solution, it does not offer the only solution. For an executive or manager in an organization, it might be easy to assume that technology is always the answer. However, as an important first step, organizations need to wrap their arms around the vast amount of data they are creating, and understand how it flows throughout the organization to create value.
In short, organizations need to assess how much data they have before implementing some of the privacy tools described in the IAPP report. As Bracy suggests, “In broad terms, the biggest problem area companies experience right now is simply knowing what data they have, where it’s stored, and what consent and permissions are attached to it. Vendors are racing to help companies get a holistic view of their data so they can know where their risk is and where their opportunity lies.”
Responsive privacy technology market
The good news, of course, is that the privacy technology market has proven to be very responsive to the needs of privacy professionals. If you need it, they will build it. That might sound a bit too naive, especially given all the concerns about the implementation of the GDPR or other privacy laws and regulations, but the IAPP report on privacy technology vendors certainly offers hope that the right privacy tools are going to appear at the right time to help organizations deal with the increasingly complex and sophisticated issues of protecting personal information and privacy in the digital era.