Interview With Gartner Analyst: How Data Protection Will Change

Which significance do you see for the GDPR worldwide? How is the GDPR impacting data protection globally?

In 2018, when the GDPR went into effect, it lit the match and became directly responsible for a wave of regulatory changes in data protection around the world. We are tracking this change and predict that by the end of 2024, 75 percent of the world’s population will have their personal data covered by a modern data protection regulation. Furthermore, when multinational organizations are looking for a global standard for handling personal data, the GDPR is always their go-to.

Where do you see the biggest challenges in data protection now and in the future?

We divide data protection maturity into three phases: Establish, Maintain and Develop. Most organizations will spend the first two years establishing basic capabilities to address data subjects’ rights and properly manage consent. As they mature, they will begin to address third-party risk, including cross-border transfers and machine learning / AI workloads where privacy concerns are quite complex. These are the biggest privacy challenges for enterprise customers

But if we take a step back and look at the bigger picture, the changes in the adtech ecosystem, an ecosystem that today pays for a free internet, present the biggest challenge for regulators as they try to transition the world to a privacy-preserving model.

You say security and technology will help more with privacy implementation in the future. Where would that be possible today?

Privacy enhancing computation techniques, which are computationally intensive (for now), allow data and insights to be shared with minimal privacy risk and adequate protection. This technology will continue to evolve and expand until it becomes a form that is available by default.

The user must have sovereignty over the data. Here, you see Centralized Privacy UX as a trend. Why has that failed so far?

The level of transparency and control is where many organizations struggle. Most will provide an individual with their data upon request and the response will take weeks. They view data subject rights as a regulatory requirement rather than an opportunity to build trust and build stronger relationships with customers.

More customer-facing organizations provide their customers with a privacy or transparency portal where users can interact with their data in real time and manage how that data is used/shared.

Organizations, particularly those with customer-facing operations in areas such as retail or hospitality, are finding that providing transparency should be managed the same way they deliver their core products, and that a poor experience with transparency negatively impacts customer sentiment toward the brand.

What available privacy technologies should companies focus on and adopt as soon as possible?
For consumers, we always focus our advice on the two main gateways through which individuals share their data: Browsers and mobile platforms. We recommend using browsers with granular and configurable privacy controls and taking the time to set up data sharing and consent aspects on their mobile devices to limit the data they share to their needs.

In addition, we encourage consumers to engage with brands around privacy and transparency. The more brands understand that this is an issue their customers care about, the more they will incorporate it into their design and decision making. We see privacy becoming a persuasion-based motivator, much like “organic.” In this case, consumers will prefer, and sometimes pay a premium, to engage with brands that prioritize privacy and transparency.

Gartner: these five trends will prevail in data privacy by 2024
Biography of Nader Henein, VP Analyst at Gartner