
Despite the common refrain of “it’s not a matter of if, but when” in relation to dealing with a privacy breach, companies are still struggling to implement data privacy protocols, according to a recent TechRepublic Premium survey.

Of the 186 professionals surveyed in July 2020, 37% said that their company did not have a dedicated privacy team, and 44% said their company’s privacy team had one to five employees. Only 6% of respondents claimed 10 or more members on their company’s privacy team. 

SEE: Report: SMB’s unprepared to tackle data privacy (TechRepublic Premium)

Barriers to data privacy

Other barriers to data privacy included corporate culture (37%), lack of knowledge (35%), financial cost (33%) or lack of resources (33%), integration with existing tools (28%), and lack of either technical skills (25%) or leadership (24%).

Other respondents cited the complexity of GDPR (18%), lack of available technology (8%), and a business model that relies on user surveillance (8%) as challenges to enabling data privacy. 

The General Data Protection Regulation (GDPR), a set of regulations designed to protect the data security and privacy of all EU citizens and any business entity that transacts with them, went into effect May 25, 2018. Yet 16% of applicable respondents admitted that their organizations were not meeting requirements, 16% said they were still in the process of meeting requirements, and 26% were unsure about their company’s compliance. Of respondents, 35% were meeting all GDPR requirements.

As for the requirements of the California Consumer Privacy Act (CCPA), a state statute intended to enhance privacy rights and consumer protection specifically for California residents, 26% of applicable respondents were meeting or in the process of meeting all requirements, 14% were not meeting requirements, and 28% were unsure of their company’s compliance.

A wide range of tools is available to help companies carry out their data privacy initiatives. The majority of respondents are implementing or considering implementation of data backup/recovery solutions (62%). More than half of respondents use or are considering using endpoint protection (54%), data loss prevention (52%), and encryption software (52%). Close to half of the respondents use or may use Identity and Access Management (IAM) (48%) or Mobile Device Management (MDM) (43%). Other tools being used or considered include compliance software (30%), Customer Data Management (CDM) platforms (19%), and consent management applications (16%).

Who is responsible for protecting data privacy?

The majority of survey respondents (51%) reported that IT is responsible for their organization’s data privacy. Further, the privacy leader within the respondents’ organizations varied: chief information officer (CIO)/chief technology officer (CTO) at 21%, data protection officer (DPO) at 16%, chief information security officer (CISO) at 11%, chief privacy officer (CPO) at 8%, and general counsel/chief counsel/chief legal officer (CLO) at 5%. In addition, 19% of respondents were unsure who their privacy leader was, 16% said “other,” and 5% said their organization was in the process of creating a position for this task.

The infographic below contains selected details from the research. To read more findings, plus analysis, download the full report: Report: SMB’s unprepared to tackle data privacy (available for TechRepublic Premium subscribers).