Report: SMB’s unprepared to tackle data privacy
Embedded sensors, Internet of Things (IoT), and social media companies collect more data than ever before, and analytics is turning that information into a competitive advantage. However, the public and political backlash to unfettered data collection and a lack of transparency about data use is also growing.
How can companies meet the growing demand for data privacy, without stifling innovation, and who will lead these initiatives? TechRepublic Premium conducted an online survey of IT professionals to find out.
The survey asked the following questions:
- Which department has primary responsibility for data privacy within your organization?
- Who is the privacy leader within your organization?
- If your company has a dedicated data privacy team, how many employees does it include?
- Which of the following steps has your organization taken or is currently taking around data privacy?
- What are barriers to data privacy within your organization?
- What tools has your business implemented or are considering to implement to aid in data privacy?
- Is your organization currently meeting all General Data Protection Regulation (GDPR) requirements?
- Is your organization currently meeting all California Consumer Privacy Act (CCPA) requirements?
The majority of survey respondents (51%) reported that IT is responsible for their organization’s data privacy. Further, the privacy leader within the respondents’ organizations ranged from chief information officer (CIO)/chief technology officer (CTO) at 21%, Data protection officer (DPO) at 16%, chief information security officer (CISO) at 11%, chief privacy officer (CPO) at 8%, and general counsel/chief counsel/chief legal officer (CLO) at 5%. In addition, 19% of respondents were unsure who their privacy leader was, 16% said “other,” and 5% said their organization was in the process of creating a position for this task.
Challenges to data privacy implementation ranged from corporate culture (37%), lack of knowledge (35%), financial cost (33%) or lack of resources (33%), integration with existing tools (28%), and lack of either technical skills (25%) or leadership (24%).
Other respondents cited the complexity of General Data Protection Regulation (GDPR) (18%), lack of available technology (8%), and a business model that relies on user surveillance (8%) as challenges to enabling data privacy.
In terms of GDPR compliance, 16% of applicable respondents admitted that their organizations were not meeting requirements, 16% were still in the process of meeting requirements, or they were unsure (26%) about their company’s compliance. Of respondents, 35% were meeting all GDPR requirements.
To read all of the results from the survey, plus analysis, download the full report here: Report: SMB’s unprepared to tackle data privacy.