Members of FTI Technology’s EMEA data privacy team have recently participated in several recent industry events, including IAPP Data Protection Intensive: UK 2022 in London. In addition to presenting on topics including establishing Privacy by Design (PbD) programmes, our team has embraced the return to in-person events as an opportunity to listen to and engage with the broader privacy community in conversations around several evolving trends. This article reflects on key trends our teams are following.
As experts have shared solutions and strategies to address current problems, many also acknowledged that a range of variables — including the state of global regulatory oversight, governance in a world of permanent hybrid working and the delicate balance across innovation, data value and protection of privacy rights — can’t be solved in a one-and-done manner, but will rather require ongoing, flexible management.
One recurring theme that surfaced across many discussions is the idea that the perception of data privacy is (slowly) shifting from being viewed as a burden to being embraced as a strategic enabler. This was a key focus in FTI Technology’s hosted session at IAPP DPI in London, ‘Privacy by Design — How a Privacy Culture Can Drive Innovation,’ which provided insights on how organisations can embrace the principles of a PbD framework. Key takeaways from that panel include:
- Despite increased awareness of the importance of privacy, there was general consensus that privacy teams remain relatively small and under resourced. Because of this, privacy assessments of new products or projects can become bottlenecked, which stalls innovation and leaves teams feeling constrained.
- Privacy professionals want to better enable their organisation’s product and project teams to be more self-sufficient. We discussed how they can do this through knowledge sharing and task delegation, so the privacy group can remain focused on managing complex issues.
- Building a business case for privacy programmes is critical, but challenging for many. Privacy teams must continue to improve how they demonstrate the payback of managing privacy considerations proactively — such as the long-term business advantages of operating as a transparent and trustworthy organisation, or the avoidance of unforeseen downstream costs that arise when privacy considerations are addressed late in the product development lifecycle.
- Privacy officers have an opportunity to better leverage existing internal resources to achieve privacy goals and establish PbD. By tapping into processes, teams, infrastructure and software deployments that are already well established within the organization — such as within information security and IT — privacy teams can often implement data protection controls with minimal additional investment. Teams that can collaborate well with security, IT and other counterparts can gain ground faster than those who remain siloed from adjacent groups.
- The concept of defining “data products” is gaining traction, where data (of a particular domain) has a set of existing users with needs, requirements and objectives. One of the key ingredients for an effective data product is the users having trust and confidence in their ability to leverage that data. The privacy team has a critical role, alongside data governance and information security professionals in this regard.
Overall, privacy is a rapidly maturing field and organisations are making steady progress in improving organisational maturity. Some are beginning to move beyond compliance to build data protection, transparency, trust and consumer privacy into the fabric of their corporate culture and business-as-usual operations. There is significant interest across the profession in how privacy can support business and data science teams in achieving their aims in a compliant way. These are encouraging and exciting developments that will ultimately bring organisations closer to a model in which they can uphold privacy rights without curtailing innovation.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.