1. © 2018 TrustArc Inc Proprietary and Confidential Information
PRIVACY INSIGHT SERIES
Summer / Fall 2018 Webinar Program
Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices
December 19, 2018
2. © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Thank you for joining the webinar “Privacy Risk Management - Emerging Trends, Benchmarking Research and Best Practices”
• We will be starting a couple minutes after the hour
• This webinar will be recorded and the recording and slides sent out later today
• Please use the GoToWebinar control panel on the right-hand side to submit any questions for the speakers
3. Today’s Speakers
• Sam Pfeifle, Content Director, IAPP
• Hilary Wandall, General Counsel and Chief Data Governance Officer, TrustArc
4. Today’s Agenda
• Welcome & Introductions
• Methodology & Demographics
• Data Inventory & Mapping
• Assessing Risk
• DSARs & Breach Notifications
• Technology
• Questions
5. Methodology & Demographics
6. Methodology
• Sent to Daily Dashboard list – 41k people
• 496 responses
• Total of 27 questions
• Average response time of 7 minutes
7. Demographics
Equally balanced between the U.S. and EU; nearly evenly distributed by company size.
In which of the following regions are you currently based?
• United States: 39%
• European Union (excluding the U.K.): 32%
• United Kingdom: 12%
• Canada: 8%
• Asia: 4%
• Other: 5%
How many people are employed globally by your organization?
• 25,001 or more: 26%
• 1-250: 23%
• 1,001-5,000: 18%
• 5,001-25,000: 17%
• 251-1,000: 16%
8. Demographics
• Biggest sectors include Software and Services, B2B, Health Care, Education, Financial Services, Tech Hardware
• One third privacy compliance, one third privacy legal, one third IT, IS, and distributed privacy
9. Data Inventory & Mapping
10. Data Inventory and Mapping
83% of organizations have created a data inventory
Percentage of business processes that have been inventoried / mapped (number of responders per range):
• [0, 10]: 4
• [10, 20]: 11
• [20, 30]: 13
• [30, 40]: 15
• [40, 50]: 29
• [50, 60]: 28
• [60, 70]: 43
• [70, 80]: 84
• [80, 90]: 80
• [90, 100]: 108
11. Poll Question
12. Data Inventory and Mapping
17% of organizations have not
Reasons for not inventorying business processes.
• We lack the necessary resources: 70%
• We do not think we need to do this: 26%
• We lack the necessary training: 9%
• Don't know: 8%
13. Data Inventory and Mapping
How many Article 30 Reports has your organization created?
• None: 15%
• 1-5: 24%
• 6-10: 6%
• 11-99: 18%
• 100 or more: 18%
• Don't know: 19%
14. Poll Question
16. Assessing Risk
Which assessments does your organization conduct?
• DPIAs: 60%
• Vendor / Third-Party: 52%
• PIAs: 48%
• Legitimate Interests: 31%
• Data Breach Readiness: 29%
• International Data Transfers: 28%
• ISO 27001: 27%
• GDPR High-Risk Processing: 11%
• Internet Risk: 10%
• NIST: 9%
• PTAs: 5%
• Other: 28%
17. Poll Question
18. Assessing Risk
How many DPIAs have you conducted since May 25, 2018?
• None: 17%
• 1-5: 39%
• 6-10: 12%
• 11-50: 15%
• 51 or more: 9%
• Don't know: 8%
Reasons for not completing DPIAs.
• We do not engage in high risk processing activities: 69%
• We lack the necessary resources: 28%
• We lack the necessary training: 10%
• Don't know: 4%
19. Assessing Risk
• In-house team: 84%
• Outside legal counsel: 28%
• Template from regulatory or government agency: 25%
• Outside consultant: 21%
• Template bundled with an assessment tool we purchased: 15%
• Don't know: 5%
20. DSARs & Breach Notifications
21. DSARs
How DSARs are addressed
• Fully automated: 3%
• Partially automated: 30%
• Entirely manual, but mature: 30%
• Entirely manual, and ad-hoc: 27%
• Still being designed: 7%
• Have not addressed yet: 1%
• Don’t know: 2%
DSARs Per Month Received Since May 25th
• None: 22%
• 1 - 10: 47%
• 11 - 99: 16%
• 100 - 499: 6%
• 500 or more: 3%
• Don't know: 6%
22. Breach Notification
Data breach notifications filed with EU supervisory authorities since May 25
• None: 70%
• 1: 9%
• 2: 5%
• 3: 2%
• 4 or more: 5%
• Don't know: 9%
Data breach notifications sent to data subjects since May 25
• None: 75%
• 1: 8%
• 2: 4%
• 3: 2%
• 4 or more: 3%
• Don't know: 8%
23. Poll Question
25. Technology
What tools do you use to perform data inventory and mapping?
• Manually/informally using email, spreadsheets etc.
• System developed internally
• Commercial software tool designed specifically for inventory/mapping
• GRC software customized for inventory/mapping
• Outsource to external consultants/law firms
• Don’t know
Values shown on the chart: 62%, 36%, 10%, 12%, 8%, 2% | 45%, 18%, 20%, 10%, 4%, 3% (legend: 2018, 2016*)
* In 2016, respondents could select all that applied.
26. Technology
With technology investment: You’re either in or you’re out.
Use of commercial software tools for data inventory/mapping, DPIAs, and records of processing
• None: 76%
• One: 8%
• Two: 6%
• Three: 10%
28. Contacts
• Sam Pfeifle: sam@iapp.org
• Hilary Wandall: hwandall@trustarc.com
29. Thank You!
We’ll be announcing our 2019 Winter / Spring Webinar Series in the next few weeks.
See http://www.trustarc.com/insightseries for the 2018 Privacy Insight Series and past webinar recordings and future events!