Data rights are the heart of modern privacy regulations – and are driving companies to prioritize data transparency to their customers, consumers, and employees. Regulations like the GDPR, CCPA, and LGPD increasingly mandate that individuals have the right to access, correct, restrict, or even delete the personal data that organizations collect on them. And as these privacy and protection regulations around the world continue to evolve, there are more questions than ever on how organizations actually implement, respond to, manage, track, and fulfill data rights requests.
That’s why we teamed up with the International Association of Privacy Professionals (IAPP), the largest and most comprehensive global information privacy community and resource, to learn how companies are currently implementing data rights – and where they’re planning to invest in the future.
We surveyed hundreds of privacy and IT professionals to identify current trends, discover how they’re navigating the current landscape of data rights, and learn what they’re prioritizing for future areas of investment. “We are seeing data rights requests serve as a catalyst for broader and deeper privacy postures,” said IAPP President & CEO J. Trevor Hughes. “This report analyzes not just current trends in the data access request landscape, but highlights areas of future investment that privacy professionals are bookmarking as the regulatory privacy landscape continues to evolve.”
This research is the first survey of enterprise privacy professionals to provide a glimpse into how companies are implementing data rights around the globe, trends across geography and verticals, and what’s next as organizations look to the future.
This report answers questions like:
- How do companies measure the success of their data rights investments?
- How many employees are typically responsible for data rights management?
- How do organizations currently inventory the personal data they collect – and how do they correlate data to an identity?
Additionally, we found that:
- 50% of respondents stated that anyone globally can exercise data subject rights with their organizations
- Over half the respondents say that data discovery is their top future investment priority
- Access and deletion requests are the most common type of data rights request received
- …and much more.
Companies must be ready to effectively process and manage data rights not only as current privacy regulations continue to evolve (and new ones are brought forth), but as individuals become more educated on their rights to access, delete and correct their personal data. This report aims to help companies prepare by understanding common data rights management practices today – and future investment strategies for tomorrow.