Enqueued CSS Stylesheets

Enqueued JS Scripts

Data Privacy as a Business Driver: How a Culture of Trust Can Enable Growth

Posted June 24, 2022

Data Privacy as a Business Driver: How a Culture of Trust Can Enable Growth

Posted June 24, 2022

Stand Out From the Competition with Improved Customer Trust

Empowered by the rising importance and global visibility of data privacy, businesses have the opportunity to grow from a top-down approach to data governance. A comprehensive, organization-wide approach can help companies stand out from the competition with improved consumer trust, control and transparency that delivers brand equity and growth.

Join Karie Burt, Chief Data and Privacy Officer at Anteriad and guest speaker, Enza Iannopollo, Principal Analyst at Forrester as they cover the evolving privacy landscape, the global impact, and how businesses can leverage these requirements as competitive advantage to drive growth.

What they will cover:

Privacy is here to stay: A landscape view of global privacy and the fragmented regulatory environment in the US, what to expect and how to prepare.

Leveraging privacy as a competitive advantage: Examples of how companies can meet and exceed business goals by implementing solid, privacy policies and compliant data practices that deliver higher customer engagement.

The evolving shape of the privacy organization: A view of the new privacy organization, the importance of executive sponsorship and how to build a privacy team that is structured for success.

See the specific chapters below:

00:00 – Introductions

4:41- GDPR Is A Turning Point In Privacy

08:50 – Privacy Regulations Differ In The Details

10:49 – How Is The Legislative Landscape Affecting How Businesses Operate?

14:42 – Privacy Generates Competition

16:35 – Privacy Increases Brand Value

20:16 – Being Worthy Of Trust & Protecting Customer Data

24:20 – Privacy Creates Partnership

37:55 – Privacy Has Really Become A Cross-Functional Discipline

44:36 – What And When Is The Next Privacy Legislation Expected?

46:31 – Is Global Privacy Regulation In The Future?

48:51 – Is There Any Enforcement Of The Privacy Rules?

00:00 – Introduction

Dee Blohm: Good morning, good afternoon, good evening. Welcome to our webinar from whatever time zone you may be logging in from. I’m Dee Blohm SVP of Marketing here at Anteriad, and I’ll be hosting today’s session. I’ll be joined today by two privacy professionals Enza Iannopollo and Karie Burt, and I’ll introduce them in a moment, but just a couple of housekeeping items.

Feel free to use the Q&A and the chat features, within the Go To Webinar platform as needed throughout this about 45 minute session. You’re welcome to ask us questions throughout and we will get to them as we can, and we will hold some for the end. So please be sure to use that. Also, stay tuned for a few polls that we’ll be conducting, and we’ll be sharing those results live and online with you.

But to get started, we’re the marketing solutions partner of choice for B2B brands like IBM, Microsoft, Forbes, SHRM, Cisco. We partner with our customers to drive demand, generate leads, and create improved pipelines. We provide those teams with the scale, efficiency and strategy that they need so they can focus on the results, which is getting in front of their customers and getting ahead of the competition.

So that’s a little bit about your sponsor. So, let’s dig in for a moment on privacy before we get started. We have this constant evolution of technology that’s made it easier and easier, for companies to collect, use and transfer data globally. Likewise, we’ve seen strict data protection and privacy regulation that’s been expanding throughout all of the key business jurisdictions.

And with that, we’ve seen that often those standards are complex and often inconsistent, especially in the US. So, some of the takeaways from today’s conversation, what you’ll learn is a landscape view of the US and global privacy, what you can expect, and how to prepare. Some defined examples of how you can leverage privacy as a competitive advantage and also how to build a privacy team that’s structured for success.

Our speakers today, I am excited to welcome accomplished privacy professionals to the conversation and saying privacy professionals is not easy. So, joining as our special guest from Forrester, we have Enza Iannopollo. She’s a Principal Analyst on the Security and Risk Team, as well as a certified information privacy professional.

Enza helps organizations worldwide on privacy and ethics through approaches that deliver business growth. While protecting the trust and brand of that company. In addition, she shares her research at executive conferences around the world and is often quoted in the media, especially Wall Street Journal and Forbes.

We are also joined by Karie Burt, our Chief Data and Privacy Officer here at Anteriad. So, we’ll have a good back and forth. Karie is also well-versed in global data privacy legislation, and she advises our clients and partners on the new reality of privacy as an agent for positive change. She’s also a regular speaker on the privacy circuit and was recently featured as one of the four leading women in Privacy by GRC World Wide.

And that article was published very fittingly on International Women’s Day. So, ladies, thank you both for bringing your depth and breadth of your privacy experience to our session today. Is there anything that you’d like to add about your bios or our takeaways for the day?

Karie Burt: No, let’s get started.

Enza Iannopollo: Yeah. I’m very excited to get started.

Dee Blohm: Great. All right, so before we started the webinar a few weeks ago, we conducted a survey on LinkedIn, very informal just asking businesses how they really felt about privacy. And these are the results that we saw. So, some are way over it, some are officially done with the acronyms. A lot of companies are prepared for privacy, but they just are doing it out of the obligation, and we do have a good number that are aware that it can help them to drive growth.

So, I think that sets the stage for our talk today. And I’m going to turn it over to Enza to get started.

4:41 – GDPR Is A Turning Point In Privacy

Enza Iannopollo: Thank you again. It’s pleasure to be here and thank you for having me. And, I’m always very excited about discussing these topics. There are a few things that I thought we could discuss today.

The very first one being, of course, an important turning point in the world of privacy. And especially, when I think about 2016, 2017, it was the time where, Europeans were upgrading the GDPR. And, there were of course a lot of, expectations about what that legislation is going to be.

And to a certain extent, there were also, some kind of feelings, maybe it was so different than we have seen before and was going to change a lot of things and that actually happened. GDPR is a real turning point, it was a real turning point about the privacy. We have seen privacy really stop being this niche conversation for lawyers.

And really becoming a conversation for the board executives asking about privacy and the GDPR and what are we doing as an organization. So has really changed the culture around privacy. We have seen also for consumers how their ability to understand and actually asking companies to follow and to respect their privacy rights has been growing since 2016, 17.

So really a turning point. They will do privacy. And another thing that has happened in the next slide is that privacy regulation at that point has gone global. We stopped seeing these European specific legislation, if you like, even though GDPR has an extraterritorial effect as we know.

But privacy has become really a global trend.

And I say that. We have seen in recent years a lot of privacy regulation being passed in very different places in very different regions. And, United National Conference for Trade and Development has identified that over 130 countries in the world today have some form of privacy or security regulation in place.

So, you can see the extent now. In my next slides, this is a view that we are prepared. We covered about we have done research on about 100 different countries. So, looking at the privacy regulation that each of these countries has, we have rated these different regulation on a scale. So, as you can see, there are still differences that our countries, they might have more stringent requirements for privacy. Countries that might have less stringent requirements, but certainly, again, this is just to give an idea of how broad privacy regulation has become and how it is present in very different countries, and especially in the US.

As you can see in this list, I’ll try to put together the recent or the most recent privacy regulations that we have seen emerging.

And as you can see, of course I mentioned the GDPR, there was the legislation in Brazil, that was also passed. Very similar, to the GDRP. By the way, Japan made making changes to their own privacy regulation. But certainly, in the US we have seen a lot of activity. It started with California, with the California Consumer Privacy Act.

But of course, there is the news, CPRA are very coming. And then other states that have joined California really in thinking about and redefining the expectation around consumer privacy. And actually, this slide from the IAPP it gives us an opportunity to click farther into what is going on in the US and you can see there the state of the progress of different privacy regulation in the states with a number of appeal, of course, that have signed, but also a lot been at this point discussed. So, I think that’s fair to say that we are going to see further change in the regulatory landscape for privacy in in the US and then this also means that, at the moment, there is really a lot of fragmentation.

So, for organizations that do a business in different states, clearly there are a number of things that they have to look into, a number of different requirements.

08:50 – Privacy Regulations Differ In The Details

And I love what a privacy officer told me the other day that it’s true that this privacy regulation has a lot of similarities, but it also true that you really need to look into the details.

And when you go there, instead, there are some differences that you need to take care of. So, from a business perspective, if you have to comply with all of these different regulation, clearly, we need to focus on the commonalities and make sure that we really create economies of scale there. But it’s also true that there are a lot of difference that we need to take care of.

And so, the classic question of. Are we going to see federal bill for privacy in the US? Using this slide, there are a few articles that I put there, but the idea is that we know that there is a draft that at the moment being discussed of a potential federal privacy bill in the US.

I love that someone said this is really a different privacy bill. This is not something we have seen already. This is something new from my perspective. I recognize that there are some pieces that are new, especially around the algorithm for example, and some other requirements for companies. But I still find this to be based on those seven good principles of privacy.

So still we see a lot of what we have learned around privacy in this draft. And probably we’ll have an opportunity with Karie to think about what is going to happen with this draft. But definite. It’s a very good sign, it indicates that this is now a topic that is clearly at the front, at the forefront of the discussion.

Something that we will see evolving definitely in the future. So possibly a way out of that fragmentation that we are seeing now. Now with these Karie, I’m very curious from your point of view, I have described all these changes from a regulatory, legislative standpoint, but how do you think this legislative landscape is actually affecting business decisions and how business operates?

10:49 – How Is The Legislative Landscape Affecting How Businesses Operate?

Karie Burt: Yeah, no, I agree with everything you’ve said, Enza and I think you know, it’s very important to quote that GDPR did herald in a new era of privacy, right? And it put privacy on the global stage, and then CCPA came in to effect. And I think what happened is it created mass confusion, right? People in the US thought that GDPR could apply to them.

People outside of California thought that CCPA related to them, and I think it, it is to your point, very hard to stay on top of this ever shifting landscape. But I think it’s really important to say that I believe most marketers and most companies want to comply, right? They want to uphold the law.

And I think, to your point, there are definitely basic tenants of protecting the rights of data subjects that we can all relate to as consumers, right? Needing to understand what data is held, who has access to it, how it’s used or activated by whom, right where it’s passed. And also, I think, you know how to stop your data being sold or transferred.

So, I think, all of this legislative activity does have some commonality for those basic tenants. But I think. Consumers are actually more educated than they’ve ever been. They now understand that companies sell data and license it and, they’re actually more powerful.

And I think that’s actually a good thing because at the end of the day, we’re all data subjects. My hope from a business perspective is that federal legislation.

Federal legislation should actually bring together all of these principles and kind of empower individuals to take charge of their personal data.

And the legislation should provide clear mechanisms to do that. And I think, from a business perspective, there’s really nothing to fear here for marketers, right? We want to build engagement. We want to create audiences and have people that are responsive and open to hearing from us and our clients, right?

But we’ve got to get some of these rights for the foundation in order for us to have that kind of positive impact. So really, I see the legislation as being a positive area for change. And I think, at Anteriad we definitely embraced it. We tried to get ahead of the conversation, right? The mass confusion caused a lot of companies to shrink back, maybe stop marketing to EU, for example. And we actually had a very different approach. We said, Okay, we’re going to use this as a business driver and we’re going to use it as a tool to differentiate ourselves from the competition. So that’s, I think, the lead up to how it affected us to your question, as a business,

Enza Iannopollo: Thank you, Karie. Thank you for sharing that. And actually, these just lead into exactly the kind of conversation that also I wanted to have. As we talk about privacy. You can still see here if you give another click, these are some of the articles that I put talking about the federal bill.

14:42 – Privacy Generates Competition

And now if you give one more click, we are going to go into the next kind of big discussion that we wanted to have, which was around privacy as a competitive differentiation, privacy generating competition. And I love what you said, Karie, saying, this is not just stopping marketing or changing or really shrinking those activities.

This is changing what we were doing before so that actually we can have more success. And this is what we see. If we get one more slide there, I have prepare some data that I wanted to share. That actually show we asked, this is a survey that we have recently released that are, the respondents are about 800 privacy professionals around the world.

So is a big group of respondents there. And we’ve asked them w which kind of benefits they have the experienced or they expect to experience as part of their privacy program. And fundamentally what they have told us, which again, is interesting if you think about the how their privacy discussion has changed.

They have telling us, of course, compliance, we, we do. Our previous program was for compliance, but then 41% of these respondents actually said that they use and are as a benefit of the program. They have increased the building customer trust, exactly to your point of this concern, being educated, acting, and of course recognizing the company that are doing well with their data.

They can respond to their request, there, I won’t be forgotten, and those companies then cannot include, this becomes a way to build, to build trust.

16:35 – Privacy Increases Brand Value

But also, 35% have said that they have seen brand value increase. So, privacy, bringing more transparency to the brand, helping building a reputation for being a brand that people can trust with their data, which is indeed very important.

And then about 30% of these respondents say actually that they have seen their program become an enabler for innovation. Which for me is very interesting. And I’ve seen from artificial intelligence and other kinds of machine learning, all these emerging technology then comes with risk. Privacy has forced organizations to say, Let’s think about these risks, let’s assess these risk and let’s see what we can do to actually make sure that these can be improved.

And again, you can see how these as definitely brought the conversation about privacy, brought data is definitely, can become a catalyst for change, even when it comes to, in. And I have these, I wanted to talk about this quote that I that I have seen in a conversation with one of these or with a privacy officer.

It was together with their with their CMO.

So, a marketing person, you can imagine at the beginning, their relationship between privacy and marketing needed to be worked out. But I all the examples that I’ve seen, when companies can find a way, these two groups to work together, the outcome is always a very positive outcome.

And in fact, I have this CMO from a B2B organization then said that GDPR has really pushed them to think differently about the customer engagement. And they have moved from thinking about marketing from a campaign model to a model that actually keeps the customer at the center of the decision making.

Really thinking about how do we engage this customer, what’s relevant to them, what we have done in previous interactions, what else we can bring to that relationship to actually help us move forward? And the response is then people find that what they are receiving from a marketing perspective is more interesting to them, keeps them more engaged.

So, there is a very profound change in the way organizations think about how do they engage customers and privacy has just forced them to think that way. But I know there are also at the Anteriad we have, you guys have done a lot. Also, I’ve embraced privacy and GDPR and privacy that in the US more, more specifically as a catalyst for change.

Would you like to tell me something about what it means for you in your organization?

Karie Burt: Yeah, no, absolutely. We looked at it as a chance to clean the house, right? So, we’re not just talking about that one closet under the stairs, and no one wants to go in, right? We had to go top to bottom and we looked at all of our processes, right?

And I was able to take like a 360 view of our whole organization. And I think it’s you need basic, thorough steps. What data were we ingested? What data is superfluous, right? What is absolutely necessary for us to run our business and work for our clients?

You know what data is considered sensitive, right? With GDPR and CCPA sensitive PII is now a definition, right? So, we wanted to look at what we were taking in and we really looked at all of our use cases, and it’s not just customer data or third-party data, as a business we create our own data, from our websites, from holding events like this, right?

20:16 – Being Worthy Of Trust & Protecting Customer Data

From employee data. That’s another area of obvious sensitivity. And I think, looking at customer data, it’s a really valuable asset that our customers have entrusted us with, right? So that had to be an area of focus to make sure that we were worthy of that trust and protecting that kind of data asset.

We revisited like. The scope of work with our customers, what we were doing with that data, what data they were providing us with, and we were looking in different ways as well. Because even if you take modeling or analytics, you may be stitching together data from different sources. Right?

So, we had think a bit differently, with vendors. That’s a really important area. We had to audit our vendors, make sure their processes were compliant. Again, check that they weren’t sending us superfluous data. You get vendors let go, oh, I’ll send you everything I’ve got.

Right? And that is not actually a good practice, right? So, we had to kind. Trim the fat.

I think the other thing that’s really important and we took a look at is don’t just assume it’s only like the data team that touched data, right? There’s lots of people within an organization touching data, right?

I think we’ve all seen salespeople emailing client files and copying a whole team, right? There’s stuff like that goes on. So, we had to make sure we had secure transfer protocols in place, and we had to train our staff about that. Obviously marketing and HR, you know, touch data too. So, I think, going back to those basic tenants, we were looking at how data is stored, processed, and transferred, right?

Because all of that has a knock on effect in terms of us being compliant and also having best practice. I think what we tried to do is really instill good data governance across the organization. Set up safe havens, clean rooms, have access controls for who was able to actually touch PII and have access to it.

So, we looked through a privacy lens and, tried to train our staff and create data ambassadors to increase the knowledge base across the whole organization. So, it’s not just within the privacy team, it’s extended throughout. And really for us, Enza, we had to reshape our approach and our culture.

And we’ve now worked hard to create a culture which has a greater respect for privacy. And, as a business, I think it’s important to mention that it’s not just that we are looking to protect ourselves, right? We read in the news about data breaches, data leaks, right? We also have to answer legislative bodies such as the EU for GDPR that we didn’t really have too before. So, I think, the key for us able to have this corporate transformation was really having to buy in from the top right, from our CEO downwards. And that was really important. It enabled us to shift the conversation and use privacy as a more positive agent for change, right?

Which was really a new start for our customers, employees, and partners. So, there was a lot of change in transformation, and it’s still ongoing, right? It hasn’t stopped.

24:20 – Privacy Creates Partnership

Enza Iannopollo: Well, I’m glad to hear, and I’m going to pick up on one element of all that you have mentioned, also that the word partner for a lot of course we think about privacy as a consumer issue and changing the way, but there is the customers parts of that, but also, Partner, the way we interact with other organizations, and in fact we are all linked in this, right?

You cannot be fully compliant if others in your value train are not. And so, it’s important that we consider that. And in fact, a lot of the work that I have seen organizations doing was indeed looking at that value chain. I remember a Chief Information Security Officer that in his organization was in charge for privacy too, that actually said he terminated a number of third party collaborations, because he wasn’t confident at that point.

There was not enough assurance that those third parties were aligned to what he wanted to do for privacy. They were, they weren’t compliant. They couldn’t prove to him that they were compliant. And in fact, still to them in the organization say that they take privacy compliance very seriously because of that third party pressure that they feel.

And as this is a topic also by itself in an evolution or around third party risk management, but I have some, I’ve seen organizations really innovating also there. And in particular, remember one European organization with a number of third parties, they said. It was, for privacy that they needed to then start to ask for more specific proof of certain, compliance or specific.

It wasn’t any filling in the questionnaire, and I’m going to trust you. We were in a moment where we started to ask deeper questions to those partners. And they felt that they had so many partners that they couldn’t take the same approach for everyone. So, they run a sort of risk assessment and they said there are some partners with whom we share personal information of our customers.

And also, there are partners that are very critical to our business so that those group of partners, we need to spend more energy around them. And they have created a new way of looking at them, including a face-to-face meeting once a year. So, you had really these people meeting, and he felt that actually that moment of being together was also important for value alignment.

And I love that because we are moving from compliance to, I want to talk to partner that understands what I’m saying, that knows what’s important to me and has to be the same for them. So, I find that this is really creating trust in the ecosystem. And again, one of those very interesting positive spills out from privacy that we have seen, and I’m sure that when it comes to third party risk and privacy, you have seen your customers embracing a lot of these activities. How have you, what is your perspective? How have you seen these aspect to privacy evolving in your experience?

Karie Burt: So, I, I think you know what’s been great about all of this hard work that we’ve done is we’ve seen many tangible benefits, right? I think one of the obvious ones is we have less customer and consumer complaints. So that kind of fosters more customer trust, right? And I think transparency has been key here, right?

We’ve taken away the black box and we’re exposing customers to our data ecosystems and we’re sharing with them our data driven best practice, right? And customers respond to that, right? Because they feel that we can be a trusted partner and vendor. Like in, in the same way we have these third party vendor relationships.

We’re a third party or vendor partner to our clients, right? So, it works both ways. I think one of the other things that’s helped us is we’ve introduced Privacy and compliance into our sales story. We get it into the conversation early, and it’s part of our collateral, It’s part of our approach.

And I think, before there wouldn’t be any mention of privacy and compliance until someone was looking at a contract, right? And it would be hidden in the subsection in TNCs. So, I think the fact that we are open about it, it’s actually had another tangible benefit that it’s helped us win business.

Because if you are talking to enterprise clients, they demand privacy and compliance to be part of the conversation, right? When you first pitch and go through the kind of first conversations, and then when you win the business, you are going through an onboarding process.

You have to jump through a lot of hoops, which you know, is best for both of us. And, we also had some enterprise clients that very early on introduced the notion of training our staff as being mandatory. And instead of just checking the box and doing that for one particular client, we’re like, Nope, we’re going to do this across the whole organization.

So that was something that was really positive. And I think, once you stop on this journey, you just embrace it, and you feel empowered. And you look for more ways, right? So, you know whether it’s SOC 2 or ISO, which kind of produce, provide, validation and accreditation for kind of data and data security and tech best practice.

That’s really important to us. We’re also now a Microsoft-approved vendor, and we have been for quite a few years. They audit us every year and it feels really good when we get that kind of sign off. So, I think, to your point, Enza, it’s not just about compliance upholding the law, it’s about looking to introduce better, best practice, right?

And a desire to be better, engage better. And really delivers more meaningful outcomes for our clients. And again, it’s, it is ongoing, right? You can’t rest, you can’t sit down. You have to make it an ongoing process. And I think, it’s really become knitted into the fabric of our business today.

And, it’s that better best practice that we strive for every day.

Dee Blohm: Hi ladies. I got disconnected there. You can’t beat live tv. My apologies. And I had to dial in on my phone.

Enza Iannopollo: This is a great point for maybe a poll, maybe we can ask the audience Sure. About some of their own experience we’ve been sharing our own experiences, but maybe they can tell us a little bit about their own experiences and yeah. There we go.

Dee Blohm: Okay, so we did organize a poll to ask all of our attendees if your organization Chief Privacy Officer.

We’re getting a lot of yeses, so that’s good. And that is 20 seconds. We’ll give them three more seconds. Okay, we have 89% yeses for those organizations that have a Chief Privacy Officer. I’m going to close that poll and open another one asking our attendees if their organization has mandatory privacy training.

So, let’s go ahead with that for 20 seconds.

Getting high numbers here too. Karie, you’ll be happy.

All right. That’s 20 seconds in. We have 90% yes. That they do have Mandatory privacy training. So that’s good news. And actually, it’s a very good setup for Enza on some states that she’s about organizations and their privacy.

Enza Iannopollo: Yes, thank you Dee and thank you for everyone sharing with us a little bit of their own experience and the in their organizations. And I want to have that as an opportunity really to talk a little bit about how privacy teams are evolving and are changing because if it’s through the privacy as moved from this niche, topic for lawyers to a topic for executives, boards a topic that has changed, not the way we comply with regulation only, but the way we engage with customers, the way we build competitive advantage.

Clearly. Also, the team supporting all of that to change. And so, the very first data point that I want to share with you, again, we are using that survey of 800 privacy professionals that we have recently completed. We asked, do you have Chief Privacy Office? There are now 52% of the respondents who said yes.

So very much in line with what we have. Heard also from the audience today is also interesting to notice that 27% said we don’t have a privacy officer with our drop title, but we have someone in an executive position that plays that role. And I think very great news. We are looking again over here almost 80% of the respondents really saying we have someone executive positioning for privacy. We have a privacy officer. Such a change. If you remember, 2016, 2017, banks have Chief Data Protection Officer, but we wouldn’t find privacy officers so spread in organization. So, there is really an element of change there.

And also, to the next, if you move to the next slide, please. We have seen, we have asked about. Yeah, there was a build the where is privacy reporting to? Again, if we saying, in the past we’ve seen a lot of legal and still directly there is an important legal element here and there are some organizations and still that privacy reporting into the legal counsel.

We start to see a change. Privacy is this business enabler is competitive advantage, and therefore we are starting to see privacy reporting more and more into the chief executive officer, the CEO in organization, really making this clear, a very important legal topic but also an equally important business topic.

And so really reporting to the business. We start to see also the interaction between privacy, legal with IT and security and data more and more. And so, one part, 13% are saying we report privacy reports to the CIO or the chief information security officer. So that is a little bit to the change that impacts we are seeing business IT and security, being more integral to the privacy team, being much more aligned to the privacy team and actually, if we move to the next slide, I’m going to show you the composition of these, oh. This sorry. This is about the organization, having privacy team in place. 67%. Again, just another reference to the fact that we have seen a level of maturity there with private teams really being present in organizations today.

Again, a few, just a few years ago, that wasn’t really the case and now. We can go to this slide that I wanted to show you about the skills and how these teams are actually organized. There is a built on these slides, so if you give me, one more clicks it will appear and basically the emphasis there is – where is, where are the members of the privacy team coming from? Which kind of skills and expertise do these teams have? You can see, of course IT is very big component there, but it was interesting to see that actually data and business skills start to be present and in demand in privacy team. Again, such a great alignment to see this happening inside the privacy team, with all that we have discussed.

These are the people that need to also be there to support the kind of evolution that we have been talking about in the last hour, so in the last 14 minutes. So, it’s a very good proof point of what we are discussing. And I have one more slide for you. I want to show who is involved in the design and executional privacy policy? Again, more confirmation.

37:55 – Privacy Has Really Become A Cross-Functional Discipline

What we have seen, privacy finally is really, has really become a cross-functional discipline. We said that for a very long time. But finally, you start to see, can you see how there are teams that are more involved, but you see how spread is the collaboration for privacy from data analytics to data management, customer experience.

Really the organization as a whole coming together for privacy, which again I think is very interesting to see. Very stimulating for those online that might still have organizations that are more selective on the privacy skills. This is the time to really embrace inclusivity in that sense, really having a lots of different participation from different teams.

When this happens, when you have a privacy team that is really cross functional, when you have a lot of clear understanding of your system, your data flows because it security is part of this of this team happens. Exactly what the privacy manager in the next slide actually told me. This is a very interesting quote.

We all talk about personalizing privacy, but the point that this privacy manager is making is “I can stick my head in certain environments, check what they are doing. I know, I understand, and I can verify. And this is where your operationalized privacy”, and I love it because it is all about understanding data flows, the environments and the people that are working with that data.

That’s the only way you can actually operationalize privacy. So, I really like the quote there. Karie, what do you think? Do you share the view of this privacy manager? Or what is your reaction to.

Karie Burt: Oh, no I absolutely love it too. Enza. And I think it’s true.

You have to have visibility across the whole organization. And for me personally, what I like is it is a collaborative job, right? You’re not in the back room somewhere, right? I’m working across the whole business with my peers in every function, and that’s the only way you can. To be honest, you have to have the buy in from the top.

We’ve got it from our CEO to empower me to work across the whole business at a senior level. And to your point, you have got to get the workflows in place and that does make things easier. But you need to have someone to own it. Right. You need to become the gatekeeper and you need to understand what’s flowing in right and what’s flowing out and keep on top of it.

So, I think, the other thing, my advice is to anybody that in this position is, you have to ask questions, right? You have to ask the whys, what, where, when, And I think, you also have to challenge, right? Existing setups challenge the we’ve always done it that way. Right approach.

Because we’ve always done it that way. That could be the one thing that could get you into trouble, right? So, I think, being empowered, having that buy in and just having that visibility is really important for us. And I think we’ve taken this approach.

And it’s multilayered, right? It’s not just to protect our customers or our partners or our employees, right? We’ve also got to protect our corporate data assets, right? Which are valuable. We need to maintain our reputation as a business and a brand, right? And I think by adopting and embracing all of this, we’ve definitely seen downstream positive outcomes right there through creating that trust and transparency, those values.

It’s interesting that they’re very symbiotic with our corporate values as well. And I think we see this kind of merging creating trust, transparency, openness, and I think you know that value creation benefits everybody, employees, clients. And so, it’s really been a win-win. And I think the fact that we’ve been able to embrace it and make it a business driver, has really created positive change.

I would like to have clearer legislation, especially on the federal US side so we can keep the momentum and good work up. But no, I think it’s been a really interesting journey the last few years and we’ve had a, we’re seeing the benefits and it’s been very positive for us as an organization.

Enza Iannopollo: Thank you for sharing all of that. Karie, it was very interesting to hear from me as an analyst, as a privacy professional. I’m sure that everybody on the line is very happy for hopefully these very these discussion. I think that if we have no questions, we may be able to wrap up.

Do you have any questions on your side, Karie?

Karie Burt: No

I think, I appreciate everyone joining us on a holiday weekend in the US I think, I think Enza, I would love to have another session with you later towards the end of the year and maybe we will have some federal privacy legislation to discuss.

And we can see how that looks. We will make sure Enza has some additional great slides that anyone viewing this live didn’t get to see. So, we will make sure that everyone who registered gets a full copy of the deck and, off of.

Dee Blohm: My, my dialup is working, It’s like 1990 over here. We did get a couple of questions and I would just love to go through those my apologies if they were coming in while my internet was in and out.

So just for Enza and Karie, I’ll let you decide who should take these, but we’ve got a question about what and when is the next largest privacy legislation expected.

44:36 – What And When Is The Next Privacy Legislation Expected?

Karie Burt: I think the US one is obviously very significant because it’s marrying the whole US landscape together. So, from a US perspective, it’s federal, I think Enza’s obviously is a global analyst.

If she may have a different perspective on this. What do you think of Enza? What’s next?

Enza Iannopollo: Yes. I think next two things are yes, like on a global perspective. One interesting place is China at the moment where they have passed last year, they knew privacy regulation. There are some security regulation, but there is a continuous update of the standards coming out. So, there is a lot happening there in terms of implementation pieces to those regulations. So, for those of you that might have operations in those in that part of the world, definitely want to keep watching. And then India is the other one that you have been working.

India has been working on this piece of legislation for a very long time. So, it’s difficult to say that, but I think maybe at the end of this year that may be ready but is a very interesting piece of privacy legislation where potentially even anonymized data, if it was personal originally, maybe still considered partially personal, would some requirements that would apply even in that case.

There are some requirements for international data transfer. A lot of organization, of course, Data and teams and support in, in that region. So definitely another one to really watch out for because it might have very strong potential for change. Again. Thank you.

Dee Blohm: There was also a question about global privacy.

Do either of you foresee a global privacy regulation? You may have answered that a little bit in the last one.

46:31 – Is Global Privacy Regulation In The Future?

Karie Burt: I think global peace may be easier to achieve. I think that, we never have that, but I think what I would like to see is a homogenization of regions adopting the basic tenants, right?

Around privacy that Enza and I talked about, right? Because you can distill it down to respecting data, subject access rights, and that will be a good agent for change. But I don’t think it will come in from a global level, unfortunately. I think we’re still going to have to navigate some of these different region.

So yeah, still a lot of work to be done. Enza?

Enza Iannopollo: Yes, I agree. I think that we probably, we never achieve the level of interpretability if you like. And also, privacy is, in a way, has some very important cultural elements. So, I think that some differentiation, some differences are reflective of the culture of the countries and so will stay there of them, they may be reflective history as well, might stay there and I’m definitely. I think that is the right thing to do.

At the same time as you were saying, and I agree, there are some key principles that are there. And those we can share, those we can really stand across regardless of where you are those seven, I think is the number that we typically five those principle or privacy that are definitely very important in every place.

And in fact, when I work with organizations that are multinational, then says, how do I start? There is so much for me to cover. Typically, we look at those key principles that are going to be there in some shape, in some form, in all of these different privacy regulations. And we also often look at the high bar.

So, looking at the high bar and then everything else can tend to fall in place. So, there are some strategies to really try and minimize the impact of fragmentation, but one single privacy regulation globally, probably not.

Karie Burt: Agreed.

Dee Blohm: We have one more question and I think it’s a good one. So, you’ve told us about the rules.

48:51 – Is There Any Enforcement Of The Privacy Rules?

Is there actually any enforcement? So that’s a good one.

Karie Burt: Yeah. I’m going to defer to Enza on this because I know it’s something that obviously Forrester tracks very closely. Over to you.

Enza Iannopollo: Yeah, thank you. It’s a question that I often receive. This is something that we say there are so many rules what is actually happening with you?

And probably we don’t see the headlines that often, but the regulators are indeed enforcing the rules. I can give an update from here from Europe. We are at the moment tracking over 1000 enforcement actions and fines that have been issued. So, regulators are very active. We have not seen find, actually ease the 4% of global turnover of any company, but we have seen also significant fines in the last few years.

But again, the fact is that regulators are very active. Definitely looking in international data transfer issues as well as some of those, issues related to consumers rights. So, there is a lot going on from an enforcement perspective. And also, California recently published our first sort of activity report for the first year of CCPA and we have seen there a number of also enforcement action.

There is not as much as we have seen in Europe because of the time. Of course, it’s a case of GDPR. But again, some very good insights and one of the thing that was interesting to me is really in the CCPA, how this is a real cross-industry effort. There is not necessarily focusing on a single sector, but really.

Looking at the practice of companies in very different sectors, I think their activity report for the first year of CCPA made it very clear everybody is in, and everybody has to look at those roles if they apply. So was definitely interesting to see.

Dee Blohm: Okay. That’s great. We are just out of time.

So, I want to thank Enza and Karie for joining us today and for those of you who joined us virtually. We appreciate your participation in the survey and with your questions. Apologies for any technical difficulties. I would love to hear your feedback on the content. If this webinar was helpful, I promise it’s just a two question survey.

Enza. Karie, again, thank you. Wishing you a great weekend. And then just for what’s ahead from Anteriad next month, we’ve got our webinar on July 27th on data activation, leveraging and optimizing the strongest tool in your toolbox. So, a big thank you to everybody who came today and to our speakers.

Have a great weekend and stay safe.

Karie Burt: Thanks everybody. Thank you, Enza, thank you Dee. Bye.

Dee Blohm: You’re welcome. Thanks.

Enza Iannopollo: Bye.