Contrary to what many executives may believe, privacy is not just a matter of removing regulatory barriers and achieving compliance. Privacy is about moving business forward.
Above all, privacy is personal, and the average consumer really cares about what companies do with their data. In other words, customers will leave if they can’t see the measures companies are taking to protect their personal data. These privacy concerns will only become more pressing in the coming years.
Gartner predicts that by 2024, average annual privacy budgets for large organizations will exceed $2.5 million, allowing for a shift from compliance ethics to competitive differentiation. During 2026, organizations that mishandle personal data will suffer financial damages from class action and class claims three times as much as from enforcement penalties.
Gartner’s Top Privacy Trends show the critical drivers business leaders need to engage over the next two years to manage responsibility and build trust when dealing with personal information. Here are the six main trends driving the privacy landscape and what enterprise leaders can do about them.
Centralizing the Privacy User Experience (UX)
The common denominator of many modern privacy regulations is the set of privacy rights afforded to individuals. In the next two years, more than 60% of the world’s population will be able to exercise these rights freely – doubling today’s numbers.
These regulations, along with increased consumer demand for transparency, lead to the need for a centralized privacy UX: a one-stop shop where organizations provide users with information about their data and how it is used. This allows users to exercise their privacy rights and maintain control over their information.
to do: Bringing all aspects of privacy UX – notifications, cookie management, consent, and subject rights – in one self-service portal. It is necessary to do this gradually and not try to boil the ocean overnight. For example, let’s say you oversee privacy at a university. Over time, invite the different data owners across the organization to integrate their stores of personal information into the privacy portal. You may have the admission data and the registrant in the privacy portal first, then the housing and athletics will join to provide a fuller offer to the students.
After a decade of working for companies to embrace the cloud, a new trend in the data site risks reducing that momentum to a crawl. Data localization planning will turn out to be a top priority in the design and acquisition of cloud services.
The drive for data localization is driven by some sub-trends:
- State Security: Governments do not want confidential data to be stored outside their territory.
- Intelligence gathering: Some governments want to make sure that law enforcement can access information locally.
- Protectionism: An extension of national politics and the belief that locally generated data should benefit local businesses (rather than multinationals).
- Globalization: Where regulations such as the GDPR allow the free flow of information, as long as it is treated in line with a set of rules.
to do: Organizations will have to review and – where necessary – re-engineer existing cloud deployments for modularity, invoking centralization where possible and localization when necessary.
Artificial Intelligence Governance
AI governance is about understanding the impact and risks of processing large amounts of personal data through AI-based decision engines. This is an urgent problem because AI deployments are growing at a rapid pace, and AI will soon be involved in most decisions made by organizations.
AI-powered automation has become an integral part of business, operational, and security workloads. Organizations will consider regulations for guidance on the privacy and ethical risks of AI, but these regulations are still very fragmented. AI governance will force organizations to re-evaluate their use of technology and adjust organizations’ purchasing habits to identify and mitigate the negative impact on customer privacy.
to doWork with data leadership to develop a process to understand AI risks and develop a mitigation plan. Note that you also need to be prepared to defend your decisions with clear AI articulation.
Everything is hybrid
The combination of remote and in-person work, school, activities, and more has implications for everything we do. From employees to students, the most sensitive information is processed digitally and thus privacy risks increase across the organization at the personal, organizational, and consumer levels.
to doAn agile approach helps organizations address the unexpected stresses caused by the pandemic and the hybrid business model. Properly processing personal data is not a hindrance to everything mixed when adopting an agile approach.
Privacy Improvement Account (PEC)
PEC technologies protect personal and sensitive information at the data, software or hardware level. It enables organizations to securely share, aggregate, and analyze data without compromising confidentiality or privacy. Organizations are increasingly seeking PEC technologies to secure data sharing, analytics, business intelligence, and untrusted computing use cases.
to do: Consider three primary areas of PEC based on your organization’s needs: data conversion via synthetic data or symmetric cryptography; Software-based computation by unified machine learning or zero-knowledge proof; or hardware considerations such as covert computing.
It’s important to keep in mind that Gartner’s privacy trends do not exist in isolation, but rather at the nexus of multiple trends that affect IT, marketing, human resources, and more. Engaging these stakeholders in the privacy conversation ensures easier purchasing, greater value and a shorter time to value.
Privacy is not just an IT or security issue; The impact of these privacy trends will be felt at the enterprise level. For customer-facing organizations specifically, the extent to which they embrace these privacy trends, can make or break the business. Gartner recommends that all organizations prioritize the trends that will impact the business the most, and then engage their leadership peers in other business units to align, support, and track each trend over time.
Nader Hanin He is the Vice President of Research at Gartner, Inc. Which showcases Gartner’s top privacy trends during Gartner Security and Risk Management SummitThis week it will take place in the Americas.