Enqueued CSS Stylesheets

Enqueued JS Scripts

Data Privacy as a Business Driver: How a Culture of Trust Can Enable Growth

Posted June 24, 2022

Data Privacy as a Business Driver: How a Culture of Trust Can Enable Growth

Posted June 24, 2022

Stand Out From the Competition with Improved Customer Trust

Empowered by the rising importance and global visibility of data privacy, businesses have the opportunity to grow from a top-down approach to data governance. A comprehensive, organization wide approach can help companies stand out from the competition with improved consumer trust, control and transparency that delivers brand equity and growth.

Join Karie Burt, Chief Data and Privacy Officer at Anteriad and guest speaker, Enza Iannopollo, Principal Analyst at Forrester as they cover the evolving privacy landscape, the global impact, and how businesses can leverage these requirements as competitive advantage to drive growth.

What they will cover:

Privacy is here to stay: A landscape view of global privacy and the fragmented regulatory environment in the US, what to expect and how to prepare.

Leveraging privacy as a competitive advantage: Examples of how companies can meet and exceed business goals by implementing solid, privacy policies and compliant data practices that deliver higher customer engagement.

The evolving shape of the privacy organization: A view of the new privacy organization, the importance of executive sponsorship and how to build a privacy team that is structured for success.

See the specific chapters below:
00:00 – Introductions
4:41- GDPR Is A Turning Point In Privacy
08:50 – Privacy Regulations Differ In The Details
10:49 – How Is The Legislative Landscape Affecting How Businesses Operate?
14:42 – Privacy Generates Competition
16:35 – Privacy Increases Brand Value
20:16 – Being Worthy Of Trust & Protecting Customer Data
24:20 – Privacy Creates Partnership
37:55 – Privacy Has Really Become A Cross Functional Discipline
44:36 – What And When Is The Next Privacy Legislation Expected?
46:31 – Is Global Privacy Regulation In The Future?
48:51 – Is There Any Enforcement Of The Privacy Rules?
00:00 – Introduction

Dee Blohm: Good morning, good afternoon, good evening. Welcome to our webinar from whatever time zone you may be logging in from. I’m Dee Blohm SVP of Marketing here at Anteriad, and I’ll be hosting today’s session. I’ll be joined today by two privacy professionals Enza Iannopollo and Karie Burt, and I’ll introduce them in a moment, but just a couple of housekeeping items.

Feel free to use the Q&A and the chat features, , within the Go To Webinar platform as needed throughout this about 45 minute session. You’re welcome to ask us questions throughout and we will get to them, as we can and we will hold some for the end. Um, so please be sure to use that. Also, stay tuned for a few polls that we’ll be conducting and we’ll be sharing those results live and online with you..

But to get started, we’re the marketing solutions partner of choice for B2B brands like IBM, Microsoft, Forbes, SHRM, Cisco. We partner with our customers to drive demand, generate leads, and create improved pipeline. We provide those teams with the scale efficiency and strategy that they need so they can focus on the results, which is getting in front of their customers and getting ahead of the competition.

So that’s a little bit about your sponsor. So let’s dig in for a moment on privacy before we get started. We have this constant evolution of technology that’s made it easier and easier, for companies to collect, use and transfer data globally. Likewise, we’ve seen strict data protection and privacy regulation that’s been expanding throughout all of the key business jurisdictions.

And with that, we’ve seen that often those standards are complex and often inconsistent, especially in the US. So some of the takeaways from today’s conversation, what you’ll learn is a landscape view of the US and global privacy, what you can expect, and how to prepare. Some defined examples of how you can leverage privacy as a competitive advantage and also how to build a privacy team that’s structured for success.

Our speakers today, I am excited to welcome to accomplished privacy professionals to the conversation and saying privacy professionals is not easy . So joining as our special guest from Forrester, we have Enza Iannopollo. She’s a Principal Analyst on the Security and Risk Team, as well as a certified information privacy professional.

Enza helps organizations worldwide on privacy and ethics through approaches that deliver business growth. While protecting the trust and brand of that company. In addition, she shares her research at executive conferences around the world and is often quoted in the media, , especially Wall Street Journal and Forbes.

We are also joined by Karie Burt, our Chief Data and Privacy Officer here at Anteriad. So we’ll have a good back and forth. Karie is also well versed in global data privacy legislation, and she advises our clients and partners on the new reality of privacy as an agent for positive change. She’s also a regular speaker on the privacy circuit and was recently featured as one of the four leading women in Privacy by GRC World Wide.

And that article was published very fittingly on International Women’s Day. So ladies, thank you both for bringing your depth and breadth of your privacy experience to our session today. Is there anything that you’d like to add about your bios or our takeaways for the day?

Karie Burt: No, let’s get started.

Enza Iannopollo: yeah. Very excited to get started.

Dee Blohm: Great. All right, so before we started, the webinar a few weeks ago, we conducted a survey on LinkedIn, very informal just asking businesses how they really felt about privacy. And these are the results that we saw. So some are way over it, some are officially done with the acronyms. A lot of companies are , prepared for privacy, but they just are doing it out of the obligation, and we do have a good amount that are aware that it can help them to drive growth.
So I think that that sets the stage for our talk today. And I’m gonna turn it over to Enza to get started.

4:41 – GDPR Is A Turning Point In Privacy
Enza Iannopollo: Thank you again. It’s a pleasure to be here and thank you for having me. And , I’m always very excited about discussing these topics. So, there are a few things that I thought we could discuss today.

The very first one being of course, an important turning point in the world of privacy. And especially, when I think about 2016, 2017, it was the time where, Europeans were upgrading the, the GDPR. And, there was of course a lot of, expectations about what that, that legislation is gonna be.

And to a certain extent, there was also, some kind of feelings, maybe it was so different than we have seen before and was gonna change a lot of things and that actually happened. GDPR is a real turning point, was a real turning point about the privacy. Uh, we have seen privacy really stopped being this niche conversation for lawyers.

Uh, and really becoming a conversation for, for the board executives asking about privacy and the GDPR and what are we doing as an organization. So has really changed the, uh, the culture around privacy. We have seen also for consumers how their ability to understand and, and actually asking companies to follow and to respect their privacy rights has been growing since, uh, 2016, 17.

So really a turning point. They will do privacy. And another thing that has, that has happened, uh, in the next slide is that privacy regulation at that point has gone global. Uh, we stopped seeing these European specific legislation, if you like, even though GDPR has an extraterritorial effect as we know.

But privacy has become really a global trend.

And I say that. We have seen in recent years a lot of privacy regulation being passed in very different places in very different regions. And, United National Conference for Trade and Development has identified, that are over 130 countries in the world today have some form of privacy or security regulation in place.

So you can see the extent now. Um, in my next slides, this is a view, uh, that we are prepared. We covered about, we, we have done research on about 100 different countries. So looking at the privacy regulation that each of these countries has, and we have rated these different regulation on a scale. So as you can see, there are still differences that our countries, they might have more stringent requirements for privacy. Countries that might have less stringent requirements, but certainly, again, this is just to give an idea of how broad privacy regulation has become and how is present in very different countries, and especially in the US.

As you can see in this list, I’ll try to put together the recent or the most recent privacy regulations that we have seen, um, emerging.

And as you can see, of course I mentioned the GDPR, there was the legislation in Brazil, that was also passed. Very similar, to the GDRP. By the way, Japan made making changes to their own privacy regulation. But certainly in the US we have seen a lot of activity. It started with California, with the California Consumer Privacy Act.

But of course there is the news, CPRA are very coming. And, uh, and then other states that have joined California really in, uh, thinking about and redefining the expectation around consumer, um, consumer privacy. And actually the, um, this slide from the IAPP, uh, it gives us an opportunity to click farther into what is going on in the US and you can see there, um, the, the state of the progress of different, uh, privacy regulation, um, in the, in the states with a number of appeal, of course, that have signed, but also, uh, a lot been at this point, uh, discussed. So I think that’s fair to say that we are gonna see further change in the regulatory landscape for privacy, um, in, uh, in the US and then this also means that, at the moment, there is really a lot of fragmentation.

So for organizations that do a business in different states, clearly there are a number of things that they have to look into, a number of different requirements.

08:50 – Privacy Regulations Differ In The Details

And I love what a privacy officer told me the other day that it’s true that this privacy regulation have a lot of similarities, but it also true that you really need to look into the details.
And when you go there, you see that instead, there are some differences that you need to take care of. So from a business perspective, if you have to comply with all of these different regulation, Clearly we need to focus on the commonalities and make sure that we really create, uh, economies of scale there. But it’s also true that there is a lot of difference that we need to take care of.

And so the classic question of. Are we gonna see, uh, federal bill for privacy in the US? Using this slide, there are a few, uh, um, articles that I put there, but the idea is that we know that there is a draft that at the moment being discussed of a potential federal, uh, privacy bill, uh, in the US.
I love that someone said this is really a different privacy bill. This is not something we have seen already. This is something new from my perspective. I recognize that are some pieces that are new, especially around the, um, algorithm for example, and some other requirements for companies. But I still find this to be based on those good seven principle of privacy.

So still we see a lot of what we have learned around privacy in this draft. And um, probably we’ll have an opportunity with Karie to think about what is gonna happen with this draft. But definite. It’s a very good sign, it’s indicating that this is now a topic that is clearly at the front, at the forefront of the discussion.

Something that we, we will see evolving definitely in the future. So possibly a way out of that fragmentation that we are seeing now. Now, um, with these Karie, I’m very curious from your, uh, point of, I have described all these changes from a regulatory, legislative, um, standpoint, but, uh, how do you think this legislative landscape is actually affecting, uh, business decisions and, and how business operate?

10:49 – How Is The Legislative Landscape Affecting How Businesses Operate?

Karie Burt: Yeah, no, I, uh, I agree with everything you’ve said, Enza and I think you know, it’s very important to quote that GDPR did herald in a new era of privacy, right? And it put privacy on the global stage, and then CCPA came in to effect. And I think what happened is it created mass confusion, right? People in the US thought that GDPR could apply to them.

Uh, people outside of California thought that CCPA related to them, and I think it, it is to your point, very hard to kind of stay on top of this ever shifting landscape. Right. But I, But I think it’s really important to say that I believe most marketers and most companies want to comply, right? They want to uphold the law.

And I think, you know, to your point, there are definitely basic tenants of protecting the rights of data subjects that we can all relate to as consumers, right? Needing to understand what data is held, who has access to it, how it’s used or activated by whom, right where it’s passed. And also I think, you know how to stop your data being sold or transferred.

So I think, you know, all of this legislative activity does have some commonality, right, for those basic tenants. But I think. Consumers are actually more educated than they’ve ever been. Right? They now kind of understand that companies sell data and license it and, you know, they’re, they’re actually more powerful.

And I think that’s actually a good thing because at the end of the day, we’re all data subjects. So, you know, my hope from a business perspective is that federal legislation.
Federal legislation should actually bring together all of these principles and kind of empower individuals to take charge of their personal data.

Right? And the legislation should provide clear mechanisms to do that. Right. And I think, you know, from a business perspective, There’s really nothing to fear here for marketers, right? We want to build engagement. We want to create audiences and have people that are responsive and open to hearing from us and our clients, right?

But we’ve gotta get some of this right for the foundation in order for us to have that kind of positive impact. So really I see the legislation as as being a positive area for change. Right. And I think, you know, at Anteriad we definitely embraced it. We tried to get ahead of the conversation, right? The mass confusion caused a lot of companies to kind of shrink back, maybe stop marketing to EU, for example. And we actually had a very different approach. We said, Okay, we’re going to use this as a business driver and we’re going to use it as a tool to kind of differentiate ourselves from the competition. So that’s, I think, the lead up to how it affected us um, to your question, as a business,

Enza Iannopollo: Thank you, Karie. Thank you for, for sharing that. And actually, uh, these just leads into exactly the, the kind of conversation that also I wanted to, to have. Um, as we, uh, talk about privacy. Uh, you can still see here, um, uh, if you give another click, these are some of the articles that I put talking about the federal bill.

14:42 – Privacy Generates Competition
And, um, and now, uh, if you give one more click, we are gonna go into, uh, the, uh, you know, the, the next kind of big discussions that we wanted to to have, which was around privacy as a competitive differentiation, privacy generating competition. And I love what you said, Karie, saying, you know, this is not just stopping marketing or, uh, you know, changing or really shrinking those activities.

This is changing what we were doing before so that actually we can have more success. And this is what we see. So, um, if we got one more, um, slide, uh, there I have, um, prepare some data that I wanted to, um, to share. Um, that actually show we asked, this is a survey that we have, um, recently, um, released that are, the respondents are about 800 privacy professionals around the world.

So is a, a big group of, of respondents there. And we’ve asked them, uh, w which kind of benefits have the experienced, uh, or they expect to experience as part of their privacy program. Um, and fundamentally what they have told us, which, um, again, is interesting, um, if you think about the, um, how the, their privacy, uh, discussion has changed.
They have telling us, of course, compliance, we, we do. Our previous program is for compliance, but then there is 41% of these respondents actually said that they, uh, um, use and are as a benefit of the program. They have increased the, uh, uh, building customer trust, exactly to your point of this concern, being educated, acting, and of course recognizing the company that are doing well with their data.

They can respond to their, uh, request, their, I won’t be forgotten, and those companies then cannot include, This becomes a way to build, to build trust.

16:35 – Privacy Increases Brand Value
But also, um, there is 35% have said that they have seen increased brand value. So privacy, bringing more transparency to the brand, helping building a reputation for being a brand that people can trust with their, with their data, which is indeed very, uh, important.

And then about 30% of these respondents says actually that they have seen their program become, uh, an enabler for innovation. Which for me is very, very interesting. And I’ve seen from, um, you know, artificial intelligence and other kind of machine learning, all these emerging technology then comes with risk. Privacy has forced organization to say, Let’s think about these risks, let’s assess these risk and let’s see what we can do to actually make sure that these can be improved.

And again, you can see how these as definitely brought the conversation about privacy, brought data is definitely, can become a catalyst for, for change, even when it comes to, in. And I have these, I wanted to, uh, to talk about this quote that I, uh, that I, um, have seen in a conversation with one of these, uh, or with, um, a privacy officer.

It was together with their, um, uh, with their CMO.

So a marketing person, You can imagine at the beginning, their relationship between privacy and marketing, uh, needed to be worked out. But I all the examples that I’ve seen, when companies can find a way, these two groups to work, work together, the outcome is always a very positive outcome.

And in fact, I have this CMO from a B2B organization then said that GDPR has really pushed them to think differently about the customer engagement. And they have moved from thinking about marketing from a campaign model to a model that actually keeps the customer at the center of the decision making.

Really thinking about how do we engage this customer, What’s relevant to them, what we have done in previous interactions, what else we can bring to that relationship to actually help us move forward? And the response is then people find that what they are receiving from a marketing perspective is more interesting to them, keeps them more engaged.

So there is a very profound change in the way organization think about how do they engage customers and privacy has is just, you know, forced them to think that that way. Uh, but I know there are also at the Anteriad we have, you guys have done a lot. Also, I’ve embraced privacy and GDPR and privacy that in the US uh, more, more specifically as a catalyst for change.

Would you like to tell me something about what it means for you in your organization?

Karie Burt: Yeah, no, absolutely. I mean, we looked at it as a chance to kind of clean the house, right? So we’re not just talking about that one closet under the stairs and no one wants to go in, right? We had to go kind of top to bottom and we looked at all of our processes, right?

And I was able to take like a 360 view of our whole organization. And I think, you know, it’s kind of, you need basic, thorough steps. Like what data were we ingest? Right. What data is superfluous, right? What is absolutely necessary for us to kind of run our business and work for our clients?

You know what data is considered sensitive, right? With GDPR and, and CCPA sensitive PII is now a definition, right? So we wanted to look at what we were kind of taking in and we really looked at all of our use cases, and it’s not just customer data or third party data, you know, as a business we create our own data, you know, from our websites, from holding events like this, right?

20:16 – Being Worthy Of Trust & Protecting Customer Data

From employee data. That’s another area of obviously sensitivity. Um, and I think, you know, looking at customer data, It’s a really valuable asset that our customers have entrusted us with, right? So that had to be an area of focus to make sure that we were kind of worthy of that trust and protecting that kind of data asset.

So, you know, we revisited like. The scope of work with our customers, what we were doing with that data, what data they were providing us, and we were looking in different ways as well. Because you know, even if you take modeling or analytics, you may be stitching together data from different sources. Right?

So we had to kind of. Think a bit differently, you know, with vendors. I mean, that’s a really important area. You know, we had to audit our vendors, make sure their processes were compliant. Again, check that they weren’t sending us superfluous data. You know, you get vendors let go, Oh, well I’ll send you everything I’ve got.
Right? and, And that is not actually a good practice, right? So we had to kind. Trim the fat.
Um, I think the other thing that’s really important and we took a look at is don’t just assume it’s only like the data team that touched data, right? There’s lots of people within an organization touching data, right?

I think we’ve all seen salespeople emailing client files and copying a whole team, right? There’s stuff like that that goes on. So we had to make sure we had secure transfer protocols in place and we had to train our staff about that. You know, obviously marketing and HR, you know, touch data too. So I think, you know, going back to those basic tenants, we were looking at how data is stored, processed, and transferred, right?

Because all of that has a knock on effect in terms of us being compliant and also having best practice. I think, you know, what we tried to do is really instill good data governance across the organization. You know, set up safe havens, clean rooms, have access controls for who was able to actually touch PII and have access to it.

So we kind of looked through a privacy lens and, you know, tried to train our staff and create data ambassadors, right, to kind of increase the knowledge base across the whole organization. So it’s not just within the privacy team, you know, it’s extended throughout. Um, and, and really for us, Enza we had to kind of reshape our approach and our culture.
Right. And we’ve now worked hard to kind of create a culture which has a greater respect for privacy. And, you know, as a business, I think it’s important to kind of mention that it’s not just that we are looking to protect ourselves, right? We, we read in the news about data breaches, data leaks, right? We also have to answer legislative bodies such as the EU for GDPR that we didn’t really have to before. Um, so I think, you know, the key for us able to kind of have this corporate transformation was really having buy in from the top right, from our CEO downwards. And that was really important. It kind of enabled us to kind of shift the conversation and use privacy as a more positive agent for change, right?
Which was really a new start for our customers, employees, and partners. So there was a lot of change in transformation, and it’s still ongoing, right? It hasn’t stopped.

24:20 – Privacy Creates Partnership
Enza Iannopollo: Well, I’m glad to hear, and I’m gonna pick up on one element of, of all that you have mentioned, also that the word partner, Um, for a lot of course we think about privacy as a consumer, um, issue and changing the way, but there is the, the customers parts of that, but also, Partner, the way we interact with other organizations, and in fact we are all linked in this, right?

You cannot be fully compliant if others in your value train are not. And so it’s important that we consider that. And in fact, a lot of the work that I have seen organizations doing was indeed looking at that, uh, value chain. I remember a Chief Information Security Officer that in his organization was in charge for privacy too, that actually said he terminated, a number of third party collaborations, because he wasn’t confident at that point.

There was not enough assurance that those third parties were aligned to what he wanted to do for privacy. They were, you know, they weren’t compliant. They couldn’t prove to him that, that they were compliant. And in fact, still to them in the organization say that they take, take privacy compliance very seriously because of that third party pressure that they, that they feel.

And, um, as this is a topic also by itself in a evolution or around third party risk management, but I have some, I’ve seen organizations really innovating also there. And in particular, remember one European organizations with a number of third parties, they said. When it when it was, you know, for privacy, that they needed to then start to ask for more specific proof of certain, you know, compliance or, um, uh, specific.

It wasn’t any like filling in the questionnaire, and I’m gonna trust you. We were in a moment where we started to ask more deeper question to those, to those partners. And they felt that they had , so many partners that they couldn’t take the same approach for everyone. So they run a sort of risk assessment and they said there are some partners with whom we share personal information of our customers.

Um, and also there are partners that are very critical to our business so that those group of partners, we need to spend more energy around them. And they have created a new way of looking at them including, uh, face to face meeting once a year. So you had really these people meeting, and he felt that actually that that moment of being together was also important for value alignment.

And I love that because we are moving from compliance to, I want to talk to partner that understand what I’m saying, that know what’s important to me and has to be the same for them. So I find that this is really creating trust in the ecosystem. And again, one of those a very interesting, um, uh, positive spill out from, from, from privacy that we have, have seen, and I’m sure that when it comes to third party risk and privacy, you have seen your customers, uh, you know, embracing a lot of these activities. Um, how have you, uh, what is your perspective? How have you seen these, um, these, these aspect to privacy evolving in your experience?

Karie Burt: So I, I think you know what’s been great about all of this hard work that we’ve done, right, is we’ve seen many tangible benefits, right? I think one of the obvious ones are we have less customer and consumer complaints. Right. Um, so that kind of fosters more customer trust, right? And I think, you know, transparency has been key here, right?
We, we’ve kind of taken away the black box and we’re exposing customers, um, to our data ecosystems and we’re kind of sharing with them our data driven best practice, right? And customers respond to that, right? Because they feel that we can be a trusted partner and, and vendor. Like in, in the same way we have these third party vendor relationships.
We’re a third party or vendor partner to our, our clients, right? So it kind of, uh, works both ways. I think, you know, one of the other things that’s helped us is we’ve introduced, um, Privacy and compliance into our sales story. We get it into the conversation early, and it’s part of our collateral, It’s part of our approach.

And I think, you know, before there wouldn’t be any mention of privacy and compliance until someone was looking at a contract, right? And it would be hidden in the subsection in TNCs. So I think the fact that we kind of are open about it, it’s actually had another tangible benefit that it’s helped us win business.
Because if, if you are talking to enterprise clients, they demand privacy and compliance to be part of the conversation, right? When you first kind of pitch and go through the kind of first conversations, and then when you are kind of win the business and you are going through an onboarding process.

Um, you have to kind of jump through a lot of hoops, which you know, is best for both of us. And, you know, we also had some enterprise clients that very early on introduced the notion of training our staff as being mandatory. Uh, and instead of just checking the box and doing that for one particular client, we’re like, Nope, we’re gonna do this across the whole organization.

So that was something that was, uh, really positive. And I think, you know, once you kind of stop on this journey, you just kind of embrace it and you feel empowered. And you look for more ways, right? So you know, whether it’s SOC 2 or ISO, which kind of produce, provide, you know, validation and accreditation for kind of data and data security and tech best practice.

You know, that’s, that’s, uh, really important to us. We’re also now a, a Microsoft approved vendor, and we have been for quite a few years. You know, they audit us every year and it feels really good when we get that kind of sign off.. Um, so I think, you know, to your point, Enza, it’s not just about compliance upholding the law, it’s about looking to introduce better, best practice, right?

And a desire to be better, engage better. And really deliver more meaningful outcomes for our clients. Um, and again, it’s, it is ongoing, right? You can’t rest, you can’t sit, uh, down. You have to kind of make it an ongoing process. And I think, you know, it’s really become knitted into the fabric of our business today.

And, you know, it’s that better best practice that we kind of strive for, um, every day.

Dee Blohm: Hi ladies. I uh, got disconnected there. You can’t beat live tv. Uh, my apologies. And, um, I had to dial in on my phone.

Enza Iannopollo: This is a great point for maybe a poll, maybe we can ask the audience Sure. About some of their, their own experience we’ve been sharing, uh, our own, but maybe they can tell us a little bit about, uh, their own, um, experience and uh, yeah. There we go.

Dee Blohm: Okay, so we did, uh, organize a poll to ask all of our, uh, attendees if your organization Chief Privacy Officer.

We’re getting a lot of yeses, so that’s good. Uh, and that is 20 seconds. We’ll give them three more seconds. Okay, we have 89%, uh, yeses for, um, for those organizations that have a Chief Privacy Officer. Uh, I’m going close that poll and open another one, um, asking our attendees if their organization has mandatory privacy training.
So let’s go ahead with that for 20 seconds.

Getting high numbers here too. Karie, you’ll be happy.

All right. That’s 20 seconds in. We have 90% yes. That they do have, um, Mandatory privacy training. So that’s good news. And actually it’s a, a very good setup for Enza, uh, on some stats that she’s about organizations, um, and their privacy.

Enza Iannopollo: Yes, thank you Dee and thank you for, uh, everyone sharing with us a little bit of, uh, their own experience and the, the in in their organizations. And I want to, um, have that as an opportunity really to talk a little bit about how privacy teams are, are evolving and are changing because if it’s through the privacy as moved from this niche, topic for lawyers to a topic for executives, boards a, a topic that has changed, not the way we comply with regulation only, but the way we engage with customers, the way we build competitive advantage.

Clearly. Also, the team supporting all of that to change. And so the very first data point that I want to share with you, again, we are using that survey of 800 privacy professionals that we have recently completed. We have asked, Do you have, uh, Chief Privacy Office? There are now, um, 52% of the respondent said yes.
So very much in line with what we have. Heard also from the audience today is also interesting to notice that 27% said, uh, we don’t have, um, a privacy officer with our drop title, but we have someone in an executive position that plays that role. And I think, um, you know, very great news. We are looking, uh, again over here, um, almost 80% of the respondents really saying we have, uh, someone executive positioning for privacy. We have a privacy officer. Such a change. If you remember, 2016, 2017, banks have Chief Data Protection Officer, but we, we wouldn’t find privacy officers so spread in organization. So a really an element of change there.
And also to the next, If you move to the next slide, please. We have seen, we have asked about. , Um, yeah, there was a build, uh, the, um, where is privacy reporting to? Uh, again, if we saying, you know, in the past we’ve seen a lot of legal and still directly there is an important legal element here and there are some organizations and still that privacy reporting into the legal council.

We start to see a change. Privacy is this business enabler is competitive advantage, and therefore we are starting to see privacy, um, uh, reporting more and more into the chief executive officer, the CEO in, in organization, really making this clear, a very important legal topic but also an equally important business topic.
And so really reporting to the um, the business. We start to see also the interaction between privacy, legal with IT and security and data more and more. And so one part, 13% are saying we report privacy reports to the CIO or the the chief information security officer. So that is a little bit to the change that impacts we are seeing business IT and security, being more, um, integral to the privacy team, being much more aligned to the privacy team and actually, if we move to the next slide, I’m gonna show you, um, the composition of these, uh oh. This, this, uh, sorry. This is about the, uh, organization, having privacy team in place. 67%. Again, just a, uh, another reference to the fact that we have seen a level of maturity there with privacy teams really being present in organizations uh, today.

Again, a few, just a few years ago that wasn’t really the, the case and now. We can go to this slide that I wanted to show you about the, the skills and, um, how these teams are actually, um, organized. There is a built on these slides, so if you give me one more, um, click, um, it will appear and basically the emphasis there is – where is, where are the members of the privacy team coming from? Which kind of skills and expertise these teams have? You can see, of course IT is, is very big component there, but it was interesting to see that actually data and business skills start to be present and in demand in privacy team. Again, such a great alignment to see this happening inside the privacy team, with all that we have discussed.

These are the people that need to also be there to support the kind of evolution that we have been talking about in the last hour, so in the last 14 minutes. So it’s, uh, it, it’s a very good proof point of what we are discussing. And I have one more slide for you. I want to show uh, who is involved in the, um, design and executional privacy policy? Again, more confirmation.

37:55 – Privacy Has Really Become A Cross Functional Discipline
What we have seen, privacy finally is really, has really become a cross functional discipline. We said that for a very long time. Uh, but finally you start to see, can you see how, uh, you know, there are teams that are more involved, but you see how spread is the collaboration, uh, for, for privacy from data analytics to data management, customer experience.
Really the organization as a whole coming together for, for privacy, which again, uh, I think is very interesting to see. Very stimulating for those on the line that might still have organizations that are more, uh, you know, selective on the privacy skills. This is the time to really embrace inclusivity in that sense, really having a lots of different, uh, participation from different teams.

When this happened, when you have a privacy team that is really crossfunctional, when you have a lot of clear understanding of your system, your data flows because it security is part of this, uh, of this team happens. Exactly what the privacy manager in the next slide actually told me. This is a, a very interesting quote.
We all talk about personalizing privacy, but the point that this, uh, privacy manager is making, is “I can stick my head in certain environments, check what they are doing. I know, I understand, and I can verify. And this is where your operationalized privacy”, and I love it because it is all about understanding data, data flows, the environments and the people that are working with that data.

That’s the only way you can actually operationalize, uh, operationalize privacy. So I really like the quote there. Karie, what do you think? Do you share the view of this privacy manager? Uh, or, or, uh, what is your, what is your reaction to.

Karie Burt: Oh, no, I, I absolutely love it too. Enza. And I think, you know, it’s, it’s true.

You have to have visibility across the whole organization. And you know, for me personally, what I like is it is a collaborative job, right? You’re not in the back room somewhere, right? I’m working across the whole business with my peers in every function, and that’s the only way you can. To be honest, you know, you have to have the buy in from the top.
You know, we’ve got it from our CEO to kind of empower me to kind of work across the whole business at a senior level. And, and to your point, you know, you have gotta get the workflows in place and that does kind of make things easier. Um, but you need to have someone to own it. Right. You need to become the gatekeeper and you need to understand what’s flowing in right and what’s flowing out and kind of, you know, keep on top of it.

So I think, you know, the other thing, my advice is to anybody that in this position is, You have to ask questions, right? You have to ask the whys, what, where, whens, And I think, you know, you also have to challenge, right? Existing setup, so, you know, challenge the, Well, we’ve always done it that way. Right approach.

Right. Because that, well, we’ve always done it that way. That could be the one thing that could kind of get you into trouble, right? So I think, you know, being empowered, having that buy in and just having that visibility is, is kind of really important for us. And I think, you know, we’ve kind of taken this approach.

And it, it’s multilayered, right? It, it’s not just to protect our customers or our partners or our employees, right? We’ve also gotta protect our corporate data assets, right? Which are valuable. We need to kind of maintain, um, our reputation as a business and a brand, right? And I think by kind of adopting and embracing all of this, We’ve definitely seen, you know, downstream positive outcomes right there through creating that trust and transparency, you know, those values.

It’s interesting that they’re very symbiotic with our corporate values as well. Right. And I think, you know, we see this kind of merging of creating trust, transparency, openness, and I think you know that value creation benefits everybody, employees, clients. And so it’s, it’s really been a win-win. And I think, you know, the fact that we’ve been able to embrace it and make it a business driver, has really created positive change.

Um, I, I would like to have clearer legislation, especially on the federal US side mm-hmm. so we can kind of keep the momentum and, and good work up. But, um, no, I, I think it’s been a really interesting journey the last few years and we’ve had a, we’re seeing the benefits and it’s been very positive for us as an organization.

Enza Iannopollo: Thank you for sharing all of that. Um, Karie, it was very interesting to hear from, from me as a, as a, as an analyst, as a privacy professional. I’m sure that everybody on the line, uh, is very, uh, you know, happy for, um, hopefully these very, uh, you know, these, these, uh, discussion. Um, I think that if we have no questions, Um, we may be able to, um, to wrap up.

Do you have any question on your side, Karie?

Karie Burt: No, I,
I think, you know, I appreciate everyone joining us on a holiday weekend, um, in the US I think, you know, I think Enza, I would love to have another session with you later towards the end of the year and maybe we will have some federal privacy legislation, um, to discuss.
And, uh, we can see how that looks. Um, we will make sure Enza had some additional great slides that anyone viewing this live didn’t get to see. So we will make sure that everyone who registered gets a full copy of the deck and, you know, off of.

Dee Blohm: My, my dialup is working , It’s like 1990 over here. Uh, we did get a couple of questions and I would just love to, um, go through those, uh, my apologies if they were coming in while my internet was in and out.

Um, so just for Enza and Karie, I’ll let you decide, um, who should take these, but, uh, we’ve got a question about what and when is the next largest privacy legislation expected.

44:36 – What And When Is The Next Privacy Legislation Expected?
Karie Burt: Well, I, I think the US one, um, is, is obviously very significant because it’s kind of marrying, uh, the whole US landscape together. So from a US perspective, it’s federal, I think Enza’s obviously is a global analyst.

If she, she may have, uh, a different perspective on this. What do you think Enza? What’s next?

Enza Iannopollo: Yes. I think next, um, two things that are yes, like on a, on a, a global perspective. Um, one interesting place is China at the moment where they have passed last year, they new privacy regulation. There are some security regulation, but there is a continuous update of the standards coming out. So there is a lot happening there in terms of, uh, implementation pieces to those regulations. So for those of you that might have operations, uh, in those, uh, uh, you know, in that part of the world, definitely want to, to keep watching. And then India is the, the other one that you have been working.

India has been working on this piece of legislation for a very long time. Uh, so it’s difficult to say that, but I think maybe at the end of this year that may be ready, but is a very interesting piece of privacy legislation where potentially even anonymized data, if it was personal originally, maybe still considered partially personal, would some requirements that would apply even in that case.

Uh, there are some requirements for international data transfer. A lot of organization, of course, Data and teams and support in, in that region. So definitely another one to really watch out for because might have very strong potential for, for change. Again. Thank you.

Dee Blohm: Um, there was also a question about global privacy.

Do, do either of you foresee a global privacy regulation? You may have answered that a little bit in the last one.

46:31 – Is Global Privacy Regulation In The Future?

Karie Burt: Uh, I, uh, I think global peace may be easier to achieve. Um, I, I think that, you know, we never have that, but I think, you know, what I would like to see is kind of a homogenization of regions adopting the basic tenants, right?

Um, around privacy that Enza and I talked about, right? Because you can distill it down to kind of respecting data, subject access rights, and, uh, that will be a good agent for change. But I don’t think it will come in from a, a global level, unfortunately. I think, uh, we’re still gonna have to navigate some of these different region.
Um, so yeah, still a lot of work to be done. Enza?

[00:47:23] Enza Iannopollo: Yes, I, I agree. I think that we probably, we never achieve the level of, you know, interpretability if you like. And also privacy is, in a way, has some very important cultural elements. So I think that some differentiation, some differences are reflective of the culture of the countries and, and so will stay there of the, they may be reflective history as well, might stay there and, and I’m uh, definitely. Um, you know, I think that that is the right thing to do.

At the same time as you were saying, and I agree, there are some key principles that are there. Uh, and those we can share, those we can really, uh, kind of, uh, stand, uh, uh, you know, across regardless of where you are, those, those seven I think is the number that we typically five those principle or privacy that are definitely very important in every place.
And in fact, when I work with organizations that are multinational, then says, How do I start? There is so much for me to cover. Typically we look, we look at those key principles that are gonna be there in some shape, in some form, in all of these different privacy regulations. And so, and we also often look at the high bar.

So looking at the high bar and then everything else can tend to fall in place. So there are some strategies to really try and minimize the impact of fragmentation, but one single privacy regulation globally, probably not.

Karie Burt: Agreed.

Dee Blohm: Uh, we have one more question and I think it’s a good one. Um, so you’ve told us about the rules.

48:51 – Is There Any Enforcement Of The Privacy Rules?

Is there actually any enforcement? So that’s a good one, .

Karie Burt: Yeah. I, I’m gonna defer to Enza on this because I, I know it’s something that obviously Forrester track very closely. Um, Right. So, um, over to you.

Enza Iannopollo: Yeah, thank you. It’s, um, it’s a question that I often, uh, receive. I mean, this is something that, uh, you know, we say there are so many rules, uh, what, what, what is actually happening with you?

And probably we don’t see the headlines that often, but the regulators are indeed enforcing the rules. I can give an update from here from Europe. Uh, we are at the moment tracking over 1000 enforcement action and fines that have been issued. So regulators are very active. Uh, we have not seen, uh, find, actually ease the 4% of global turnover of any company, but we have seen also significant fines, uh, in the last few years.

But again, the number is that regulators are very active. Definitely looking in international data transfer issues, um, as well as some of those, you know, issue related to consumers rights. So there is a lot going on from an enforcement perspective. And also California recently published our first sort of activity report for the first year of CCPA and we have seen there a number of also enforcement action.

There is not as much as we have seen in Europe because of the time. Of course it’s a case of GDPR. But again, some very good insights and one of the thing that was interesting to me is really in the CCPA, how this is a real cross-industry efforts. There is not necessarily focusing on a single sector, but really.

Uh, looking at the practice of company in very different sectors, and I think their, their activity report for the first year of CCPA made it very clear, um, everybody is in and everybody has to look at those roles if they, if they apply. So was, uh, was definitely interesting to see.

Dee Blohm: Okay. Um, that’s great. Um, We are just out of time.

So I want to thank Enza and Karie for joining us today for, uh, those of you who joined us virtually. We appreciate your participation, uh, in the survey and with your questions. Um, apologies for any technical difficulties. Would love to hear your feedback on the content. Uh, if this webinar was helpful, I promise it’s just a two question survey.

[00:51:14] Uh, Enza. Karie, again, thank you. Wishing you a great weekend. And then just for what’s ahead from Anteriad next month, we’ve got our, uh, webinar on July 27th on data activation, leveraging and optimizing the strongest tool in your toolbox. So a big thank you to everybody who, uh, came today and to our speakers.

Have a great weekend and stay safe.

Karie Burt: Thanks everybody. Thank you, Enza, thank you Dee. , Bye bye.

Dee Blohm: You’re welcome. Thanks.

Enza Iannopollo: Bye.