2023 Privacy Professionals Survey Results
by Sypher - January 10, 2024
At the very end of 2023, we carried out a survey of data protection professionals. A big THANK YOU to everyone who took part 🤗 all 120 of you!
What’s the privacy survey all about? We set out to provide an in-depth examination of the diverse roles of privacy professionals, including full-time and part-time DPOs, external consultants and those with additional responsibilities. The survey delves into the different responsibilities and identifies key challenges and tools to improve efficiency.
Today, we're really excited to share the results with you.
Let’s dive into some interesting findings!
First, responsibilities - Privacy professionals play a key role in providing guidance and advice within the organisation, with most respondents acknowledging this responsibility. Creating and updating privacy notices and training are the next most common duties.
Check out the chart below to have a broader picture of all jobs to be done by privacy professionals.
What else was mentioned? AI compliance and governance, information security-related aspects and the alignment of extraterritorial legislation with the GDPR were cited as “other” responsibilities of privacy professionals.
We dug deeper into the data here as we were curious about the responsibilities of internal DPOs - not surprisingly, the ranking remains similar, with slightly higher numbers - 97% provide guidance, training is provided by 94% of respondents, and 92% are responsible for creating and updating privacy notices.
Highest priority tasks - Investigating and managing privacy incidents or data breaches; managing privacy-related complaints, and managing and responding to DSARs are the jobs that top the high priority list for privacy professionals.
These tasks are critical in nature and highlight the immediate attention required to effectively manage and mitigate potential risks associated with data protection incidents or requests.
Most difficult tasks - Documenting and enforcing data retention policies, identifying and documenting data transfers to third countries, and creating and updating Records of Processing Activities (ROPA) were identified as the most difficult tasks, particularly by professionals in larger organisations.
Software adoption - With a 54% adoption rate of specialised software, technology is a key enabler of privacy compliance programmes, leading to a significant improvement in the perceived ease of tasks (up to 44% for those using such tools!!!).
Top imperatives – What is most important for privacy professionals to create the right environment for privacy compliance? Well, staying informed about changes in privacy legislation, creating awareness and engagement within the organisation, and learning about organisational changes are the top imperatives across roles, industries, countries and organisation sizes.
Top challenges - Securing budget for privacy management software or tools, getting executive buy-in and obtaining practical information are the top three challenges privacy professionals face when trying to create an enabling environment for privacy management.
Differences between European and other privacy legislation, the impact of AI compliance and governance, information security-related aspects and finding the right people to help were also cited as common challenges.
Concluding remarks on the privacy survey findings
The results of the 2023 Sypher Privacy Professionals Survey underline the need for a comprehensive approach to privacy management.
Organizations aim to align more their strategic goals with the challenges of data protection. To achieve this, ongoing learning, teamwork, and active involvement throughout the organization are crucial.
Notably, the use of specialised software has emerged as an enabler, particularly in addressing complex tasks such as creating and updating the Records of Processing Activities (ROPA).
Respondents also placed a high value on collaboration, which is at the heart of successful privacy efforts. It's important for departments to work together to ensure that everyone is following good privacy practices that are aligned with the organisation's goals.
These practices help create a thorough strategy for managing data protection in a constantly changing regulatory environment.
This article only presents highlights of the survey results. Want to know how much help internal DPOs get, which industries have the highest software adoption, which tasks benefit most from software tools, and more?
