Privacy leaders are under pressure to ensure that all personal data processed is brought in scope and under control, which is difficult and expensive to manage without technology aid. This is where the use of AI-powered applications that reduce administrative burdens and manual workloads come in.
“Privacy laws, such as General Data Protection Regulation (GDPR), presented a compelling business case for privacy compliance and inspired many other jurisdictions worldwide to follow,” said Bart Willemsen, research vice president at Gartner.
“More than 60 jurisdictions around the world have proposed or are drafting postmodern privacy and data protection laws as a result. Canada, for example, is looking to modernize their Personal Information Protection and Electronic Documents Act (PIPEDA), in part to maintain the adequacy standing with the EU post-GDPR.”
AI to reduce compliance headaches
At the forefront of a positive privacy user experience (UX) is the ability of an organisation to promptly handle subject rights requests (SRRs). SRRs cover a defined set of rights, where individuals have the power to make requests regarding their data and organisations must respond to them in a defined time frame.
The 2019 Gartner Security and Risk Survey revealed many organisations are not capable of delivering swift and precise answers to the SRRs they receive. Two-thirds of respondents indicated it takes them two or more weeks to respond to a single SRR. Often done manually as well, the average costs of these workflows are roughly US$1,400, which pile up over time.
“The speed and consistency by which AI-powered tools can help address large volumes of SRRs not only saves an organisation excessive spend, but also repairs customer trust. With the loss of customers serving as privacy leaders’ second highest concern, such tools will ensure that their privacy demands are met,” said Willemsen.
Privacy spending to climb US$8 billion by 2022
Through 2022, privacy-driven spending on compliance tooling will rise to $8 billion worldwide. Gartner expects privacy spending to impact connected stakeholders’ purchasing strategies, including those of CIOs, CDOs and CMOs.
Willemsen reckoned today’s post-GDPR era demands a wide array of technological capabilities, well beyond the standard Excel sheets of the past.
He acknowledged that the privacy-driven technology market is still emerging.
“What is certain is that privacy, as a conscious and deliberate discipline, will play a considerable role in how and why vendors develop their products. As AI turbocharges privacy readiness by assisting organisations in areas like SRR management and data discovery, we’ll start to see more AI capabilities offered by service providers,” he concluded.