© 2018 TrustArc Inc Proprietary and Confidential Information
PRIVACY INSIGHT SERIES
Summer / Fall 2018 Webinar Program
Privacy Risk Management - Emerging
Trends, Benchmarking Research and Best
Practices
December 19, 2018
© 2018 TrustArc Inc - Privacy Insight Series - trustarc.com/insightseries
Thank you for joining the webinar “Privacy
Risk Management - Emerging Trends,
Benchmarking Research and Best Practices”
• We will be starting a couple minutes after the hour
• This webinar will be recorded and the recording
and slides sent out later today
• Please use the GotoWebinar control panel on the
right hand side to submit any questions for the
speakers
Today’s Speakers
Sam Pfeifle
Content Director, IAPP
Hilary Wandall
General Counsel and Chief Data Governance
Officer, TrustArc
Today’s Agenda
• Welcome & Introductions
• Methodology & Demographics
• Data Inventory & Mapping
• Assessing Risk
• DSARs & Breach Notifications
• Technology
• Questions
Methodology & Demographics
Methodology
• Sent to Daily Dashboard list – 41k people
• 496 responses
• Total of 27 questions
• Average response time of 7 minutes
Demographics
Equally balanced between the U.S and EU
In which of the following regions are you currently based?
• United States: 39%
• European Union (excluding the U.K): 32%
• United Kingdom: 12%
• Canada: 8%
• Asia: 4%
• Other: 5%
Nearly evenly distributed by company size
How many people are employed globally by your organization?
• 25,001 or more: 26%
• 1-250: 23%
• 1,001-5,000: 18%
• 5,001-25,000: 17%
• 251-1,000: 16%
Demographics
• Biggest sectors include Software and Services,
B2B, Health Care, Education, Financial Services,
Tech Hardware
• One third privacy compliance, one third privacy
legal, one third IT, IS, and distributed privacy
Data Inventory & Mapping
Data Inventory and Mapping
83% of organizations have created a data inventory
Percentage of business processes that have been inventoried / mapped (number of responders per range):
• [0, 10]: 4
• [10, 20]: 11
• [20, 30]: 13
• [30, 40]: 15
• [40, 50]: 29
• [50, 60]: 28
• [60, 70]: 43
• [70, 80]: 84
• [80, 90]: 80
• [90, 100]: 108
Poll Question
Data Inventory and Mapping
17% of organizations have not
Reasons for not inventorying business processes:
• We lack the necessary resources: 70%
• We do not think we need to do this: 26%
• We lack the necessary training: 9%
• Don't know: 8%
Data Inventory and Mapping
How many Article 30 Reports has your organization created?
• 1-5: 24%
• Don't know: 19%
• 11-99: 18%
• 100 or more: 18%
• None: 15%
• 6-10: 6%
Poll Question
Assessing Risk
Assessing Risk
Which assessments does your organization conduct?
• DPIAs: 60%
• Vendor / Third-Party: 52%
• PIAs: 48%
• Legitimate Interests: 31%
• Data Breach Readiness: 29%
• International Data Transfers: 28%
• ISO 27001: 27%
• GDPR High-Risk Processing: 11%
• Internet Risk: 10%
• NIST: 9%
• PTAs: 5%
• Other: 28%
Poll Question
Assessing Risk
How many DPIAs have you conducted since May 25, 2018?
• 1-5: 39%
• None: 17%
• 11-50: 15%
• 6-10: 12%
• 51 or more: 9%
• Don't know: 8%
Reasons for not completing DPIAs:
• We do not engage in high risk processing activities: 69%
• We lack the necessary resources: 28%
• We lack the necessary training: 10%
• Don't know: 4%
Assessing Risk
• In-house team: 84%
• Outside legal counsel: 28%
• Template from regulatory or government agency: 25%
• Outside consultant: 21%
• Template bundled with an assessment tool we purchased: 15%
• Don't know: 5%
DSARs & Breach Notifications
DSARs
How DSARs are addressed:
• Partially automated: 30%
• Entirely manual, but mature: 30%
• Entirely manual, and ad-hoc: 27%
• Still being designed: 7%
• Fully automated: 3%
• Don’t know: 2%
• Have not addressed yet: 1%
DSARs Per Month Received Since May 25th:
• None: 22%
• 1 - 10: 47%
• 11 - 99: 16%
• 100 - 499: 6%
• 500 or more: 3%
• Don't know: 6%
Breach Notification
16
Data breach notifications filed with EU supervisory authorities since May 25:
• None: 70%
• 1: 9%
• 2: 5%
• 3: 2%
• 4 or more: 5%
• Don't know: 9%
Data breach notifications sent to data subjects since May 25:
• None: 75%
• 1: 8%
• 2: 4%
• 3: 2%
• 4 or more: 3%
• Don't know: 8%
Poll Question
Technology
Technology
What tools do you use to perform data inventory and mapping?
• Manually/informally using email, spreadsheets etc.: 45% (2018), 62% (2016*)
• System developed internally: 18% (2018), 36% (2016*)
• Commercial software tool designed specifically for inventory/mapping: 20% (2018), 10% (2016*)
• GRC software customized for inventory/mapping: 10% (2018), 12% (2016*)
• Outsource to external consultants/law firms: 4% (2018), 8% (2016*)
• Don’t know: 3% (2018), 2% (2016*)
* In 2016, respondents could select all that applied.
Technology
With technology investment: You’re either in or you’re out.
Use of commercial software tools for data inventory/mapping, DPIAs, and records of processing:
• None: 76%
• One: 8%
• Two: 6%
• Three: 10%
Questions?
Contacts
Sam Pfeifle sam@iapp.org
Hilary Wandall hwandall@trustarc.com
Thank You!
We’ll be announcing our 2019 Winter / Spring Webinar Series in the
next few weeks.
See http://www.trustarc.com/insightseries for the 2018
Privacy Insight Series and past webinar recordings
and future events!
29

Weitere ähnliche Inhalte

Was ist angesagt?

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 

Was ist angesagt? (20)

Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]
 
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
Managing Consent and Legitimate Interests Under the GDPR [Webinar Slides]
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
Convince your board: How to prepare your business for List X
Convince your board: How to prepare your business for List XConvince your board: How to prepare your business for List X
Convince your board: How to prepare your business for List X
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help The EU General Protection Regulation and how Oracle can help
The EU General Protection Regulation and how Oracle can help
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
The Value of Using Security Policy Orchestration and Automation for Improving...
The Value of Using Security Policy Orchestration and Automation for Improving...The Value of Using Security Policy Orchestration and Automation for Improving...
The Value of Using Security Policy Orchestration and Automation for Improving...
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
GDPR 101
GDPR 101GDPR 101
GDPR 101
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
 
7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance7 Key GDPR Requirements & the Role of Data Governance
7 Key GDPR Requirements & the Role of Data Governance
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
IDERA Live | Understanding SQL Server Compliance both in the Cloud and On Pre...
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy Quiz
 
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... 2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ...
 

Ähnlich wie Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices

Five Trends in Real Time Applications
Five Trends in Real Time ApplicationsFive Trends in Real Time Applications
Five Trends in Real Time Applications
confluent
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
SolarWinds
 

Ähnlich wie Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices (20)

2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management2019 09-26 leveraging the power of automated intelligence for privacy management
2019 09-26 leveraging the power of automated intelligence for privacy management
 
State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018State of Cyber Resilience In Australia 2018
State of Cyber Resilience In Australia 2018
 
Insur Tech Adelaide slides
Insur Tech Adelaide slidesInsur Tech Adelaide slides
Insur Tech Adelaide slides
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
Emerging Trends in Application Security
Emerging Trends in Application Security Emerging Trends in Application Security
Emerging Trends in Application Security
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
Healthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber ResilienceHealthcare Payers: 2018 State of Cyber Resilience
Healthcare Payers: 2018 State of Cyber Resilience
 
Mapping Business Processes to Compliance Procedures
Mapping Business Processes to Compliance ProceduresMapping Business Processes to Compliance Procedures
Mapping Business Processes to Compliance Procedures
 
Mapping Business Processes to Compliance Procedures
Mapping Business Processes to Compliance ProceduresMapping Business Processes to Compliance Procedures
Mapping Business Processes to Compliance Procedures
 
Big Data LDN 2018: THE NEXT WAVE: DATA, AI AND ANALYTICS IN 2019 AND BEYOND
Big Data LDN 2018: THE NEXT WAVE: DATA, AI AND ANALYTICS IN 2019 AND BEYONDBig Data LDN 2018: THE NEXT WAVE: DATA, AI AND ANALYTICS IN 2019 AND BEYOND
Big Data LDN 2018: THE NEXT WAVE: DATA, AI AND ANALYTICS IN 2019 AND BEYOND
 
Healthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber ResilienceHealthcare Providers: 2018 State of Cyber Resilience
Healthcare Providers: 2018 State of Cyber Resilience
 
Big Data Industry Insights 2015
Big Data Industry Insights 2015 Big Data Industry Insights 2015
Big Data Industry Insights 2015
 
Accelerate Your Move to the Cloud with Data Catalogs and Governance
Accelerate Your Move to the Cloud with Data Catalogs and GovernanceAccelerate Your Move to the Cloud with Data Catalogs and Governance
Accelerate Your Move to the Cloud with Data Catalogs and Governance
 
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]
 
Five Trends in Real Time Applications
Five Trends in Real Time ApplicationsFive Trends in Real Time Applications
Five Trends in Real Time Applications
 
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
 
The state of data privacy with dimensional research
The state of data privacy with dimensional research The state of data privacy with dimensional research
The state of data privacy with dimensional research
 
AI : Animal Like Abilities in Applied AI, What can go wrong?
AI : Animal Like Abilities in Applied AI, What can go wrong?AI : Animal Like Abilities in Applied AI, What can go wrong?
AI : Animal Like Abilities in Applied AI, What can go wrong?
 

Mehr von TrustArc

TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
TrustArc
 

Mehr von TrustArc (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices

  • 1. © 2018 TrustArc Inc Proprietary and Confidential Information PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program PRIVACY INSIGHT SERIES Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices December 19, 2018
  • 2. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Thank you for joining the webinar “Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices” • We will be starting a couple minutes after the hour • This webinar will be recorded and the recording and slides sent out later today • Please use the GotoWebinar control panel on the right hand side to submit any questions for the speakers 2
  • 3. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Speakers Sam Pfeifle Content Director, IAPP 3 Hilary Wandall General Counsel and Chief Data Governance Officer, TrustArc
  • 4. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Today’s Agenda • Welcome & Introductions • Methodology & Demographics • Data Inventory & Mapping • Assessing Risk • DSARs & Breach Notifications • Technology • Questions 4
  • 5. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Methodology & Demographics 5
  • 6. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Methodology • Sent to Daily Dashboard list – 41k people • 496 responses • Total of 27 questions • Average response time of 7 minutes 6
  • 7. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Demographics 7 Equally balanced between the U.S and EU Nearly evenly distributed by company size How many people are employed globally by your organization? In which of the following regions are you currently based? United States 39% European Union (excluding the U.K) 32% United Kingdom 12% Canada 8% 25,001 or more 26% 1-250 23% 1,001-5,000 18% 5,001-25,000 17% 251-1,000 16%Asia 4% Other 5%
  • 8. © 2018 TrustArc IncPrivacy Insight Series - trustarc.com/insightseries Demographics • Biggest sectors include Software and Services, B2B, Health Care, Education, Financial Services, Tech Hardware • One third privacy compliance, one third privacy legal, one third IT, IS, and distributed privacy 8
  • 9. PRIVACY INSIGHT SERIES Summer / Fall 2018 Webinar Program © 2018 TrustArc Inc Proprietary and Confidential Information Data Inventory & Mapping 9
  • 10. Data Inventory and Mapping: 83% of organizations have created a data inventory
      • Percentage of business processes that have been inventoried / mapped (number of responders per range): [0, 10] 4; [10, 20] 11; [20, 30] 13; [30, 40] 15; [40, 50] 29; [50, 60] 28; [60, 70] 43; [70, 80] 84; [80, 90] 80; [90, 100] 108
  • 11. Poll Question
  • 12. Data Inventory and Mapping: 17% of organizations have not
      • Reasons for not inventorying business processes: We lack the necessary resources 70%; We do not think we need to do this 26%; We lack the necessary training 9%; Don't know 8%
  • 13. Data Inventory and Mapping
      • How many Article 30 Reports has your organization created? 1-5 24%; Don't know 19%; 11-99 18%; 100 or more 18%; None 15%; 6-10 6%
  • 14. Poll Question
  • 15. Assessing Risk
  • 16. Assessing Risk: Which assessments does your organization conduct?
      • Percentages shown on the chart: 60%, 52%, 48%, 31%, 29%, 28%, 27%, 11%, 10%, 9%, 5%, 28%
      • Chart labels: DPIAs Vendor / Third-Party PIAs Legitimate Interests Data Breach Readiness International Data Transfers ISO 27001 GDPR High-Risk Processing Internet Risk NIST PTAs Other
  • 17. Poll Question
  • 18. Assessing Risk
      • How many DPIAs have you conducted since May 25, 2018? 1-5 39%; None 17%; 11-50 15%; 6-10 12%; 51 or more 9%; Don't know 8%
      • Reasons for not completing DPIAs: We do not engage in high risk processing activities 69%; We lack the necessary resources 28%; We lack the necessary training 10%; Don't know 4%
  • 19. Assessing Risk
      • In-house team 84%; Outside legal counsel 28%; Template from regulatory or government agency 25%; Outside consultant 21%; Template bundled with an assessment tool we purchased 15%; Don't know 5%
  • 20. DSARs & Breach Notifications
  • 21. DSARs
      • How DSARs are addressed: Partially automated 30%; Entirely manual, but mature 30%; Entirely manual, and ad-hoc 27%; Still being designed 7%; Have not addressed yet 1%; Don’t know 2%; Fully automated 3%
      • DSARs Per Month Received Since May 25th: 1 - 10 47%; None 22%; 11 - 99 16%; Don't know 6%; 100 - 499 6%; 500 or more 3%
  • 22. Breach Notification
      • Data breach notifications filed with EU supervisory authorities since May 25: None 70%; 1 9%; 2 5%; 3 2%; 4 or more 5%; Don't know 9%
      • Data breach notifications sent to data subjects since May 25: None 75%; 1 8%; 2 4%; 3 2%; 4 or more 3%; Don't know 8%
  • 23. Poll Question
  • 24. Technology
  • 25. Technology: What tools do you use to perform data inventory and mapping? (2018 vs. 2016*)
      • Manually/informally using email, spreadsheets etc.: 2018 45%; 2016 62%
      • System developed internally: 2018 18%; 2016 36%
      • Commercial software tool designed specifically for inventory/mapping: 2018 20%; 2016 10%
      • GRC software customized for inventory/mapping: 2018 10%; 2016 12%
      • Outsource to external consultants/law firms: 2018 4%; 2016 8%
      • Don’t know: 2018 3%; 2016 2%
      • * In 2016, respondents could select all that applied.
  • 26. Technology: With technology investment: You’re either in or you’re out.
      • Use of commercial software tools for data inventory/mapping, DPIAs, and records of processing: None 76%; One 8%; Two 6%; Three 10%
  • 27. Questions?
  • 28. Contacts
      • Sam Pfeifle: sam@iapp.org
      • Hilary Wandall: hwandall@trustarc.com
  • 29. Thank You! We’ll be announcing our 2019 Winter / Spring Webinar Series in the next few weeks. See http://www.trustarc.com/insightseries for the 2018 Privacy Insight Series and past webinar recordings and future events!