Discover how organizational priorities and strategic approaches to data security and privacy are developing across the globe. Gain a deeper understanding of how your organization's privacy program compares to those of your peers and learn about the emerging trends that will shape the future of privacy.
Hear insights from more than 1,500 global privacy professionals and business executives. Our 4th Annual Global Privacy Benchmarks Survey presents a comprehensive analysis of the progress made by privacy programs in the past year, the expansion of privacy teams, and the most pressing privacy challenges faced by organizations.
2. 2
Operating Regions and Head Office
60%
66%
50%
39%
36%
30%
27%
US Europe United Kingdom Canada Asia Pacific Latin America Middle East and
Africa
37% 39%
13%
3%
6%
1%
1%
US Europe United
Kingdom
Asia Pacific Canada Middle East
and Africa
Latin
America
Where is your Head Office located?
Which of the following regions and countries does
your company operate in? (choose all that apply)
3. 3
2023 Top 5 Challenges
10%
8%
8%
10%
8%
7%
8%
10%
7%
9%
13%
12%
13%
11%
14%
24%
27%
24%
27%
25%
27%
30%
28%
28%
27%
20%
16%
17%
16%
17%
Artificial intelligence implications in
privacy
Compliance risks from regulatory
oversight and penalties
Reputational risks from social media
Cross-border challenges
Developing a privacy first culture within
enterprise
0 - Not a challenge 1 - 2 - 3 - 4 - 5 - Extremely challenging
Among 18 potential challenges, "artificial intelligence implications in privacy" ranked first.
4. 4
AI Challenges by Industry
46%
59%
52%
52%
48%
46%
45%
45%
42%
41%
37%
36%
36%
32%
Overall
Financial
Education
Technology
Telecommunications
Retail
Insurance
Consumer Goods
Manufacturing
Health Care
Consulting
Other
Transportation
Food & Beverage
Percent “4 + 5 extremely challenging”
More
challenging
than average
5. 5
7 Keys to Privacy (and Privacy Outcomes)
1) Having the Board of Directors regularly review and discuss privacy matters.
2) Pursuing privacy as a core part of business strategy.
3) Making sure privacy permeates day to day business decisions with great importance.
4) Embracing privacy practices as a key differentiator.
5) Being mindful of privacy as a business.
6) Ensuring every employee can formally raise a privacy issue with confidence that there will be no reprisal.
7) Sufficiently training employees in privacy matters.
Resulting in…
• Confidence your company keeps all relevant data secure and protected.
• Confidence your customers/employees /partners & third parties/general public in your management of
data privacy.
7. 7
Measuring Privacy and Its Impact
20% 19%
14% 14%
66% 67%
Yes
No
Dont know/
Not sure
Does your company currently measure the
effectiveness of its privacy program?
2023
2022
52%
61%
21%
Overall
Companies that
measure privacy
Companies that do
NOT measure privacy
Privacy Index Score
3x
9. 9
Privacy Concerns
How important are the following topics to your company as they relate to privacy concerns and regulations?
[“Don’t know/Not sure” excluded]
2%
3%
3%
3%
6%
5%
5%
5%
7%
8%
11%
5%
7%
8%
7%
9%
9%
8%
10%
7%
12%
11%
15%
16%
16%
16%
18%
19%
21%
18%
19%
18%
17%
34%
33%
33%
34%
29%
35%
34%
32%
28%
31%
27%
43%
41%
40%
39%
39%
32%
33%
35%
39%
31%
34%
Third party risk management
Data Discovery and Scanning
Global privacy controls
Data Subject Access Requests (DSAR) technology solutions
Artificial Intelligence (AI)
Ending and/or alternatives to third party cookie collection
Localization of consent preferences interfaces
Privacy-as-a-service solutions
Transfers of data outside the EEA and UK
Biometrics
Blockchain technology
Not at all important Slightly important Moderately important Important Very important
10. 10
Third Party Risk Management Concern by Role
77%
85%
85%
74%
73%
69%
Overall
Senior executive (e.g. CxO, EVP, SVP, Managing Director)
Privacy executive (e.g. CPO, DPO, Chief Compliance
Officer, General Counsel)
Manager outside the privacy function (e.g. VP, Director,
Manager, Team Leader)
Full time employee outside the privacy function
Privacy team member (e.g. Privacy Counsel Privacy
Program Manager Privacy Enginee
More
important
than average
11. 11
Standards/Certifications Undertaken
56%
46%
34% 33%
30% 29%
27%
24% 23%
22%
19%
16%
ISO 27001 ISO_IEC 27701 Generally
Accepted
Privacy
Principles
ISO_IEC
27002:2013
ISO_IEC
29100:2011
ISO
22307:2008
NIST 800
Series
SOC2 FedRAMP PCI-DSS Nymity
Framework
COBIT
12. 12
Impact of Standards on Privacy Competence
51.8
67.4 65.4 64.9
62.3 62.1 61.6 61.0 60.8 60.5 60.0
55.1 53.9
Overall Nymity
Framework
Generally
Accepted
Privacy
Principles
ISO_IEC
27002:2013
NIST 800
Series
ISO_IEC
29100:2011
ISO_IEC
27701
ISO
22307:2008
PCI-DSS ISO 27001 SOC2 COBIT FedRAMP
Privacy Index Score
13. 13
Privacy Teams
92% 89% 91% 91%
38%
93% 91% 92% 91%
73%
Over US $5
Billion
$1B to $5B $501M to
$999M
$51M to
$500M
$50M or
less
Company Revenue
2022 2023
92%
90%
91%
78%
8%
10%
9%
22%
2023
2022
2021
2020
Yes No
Does your company have a dedicated Privacy Office?
[results shown in each year for companies
$50M+ in revenue, excluding “DK/Not sure”]
14. 14
Privacy Vulnerability
Has your company suffered from any of the following in the past 3 years? (choose all that apply)
34%
27%
25% 24%
21%
23%
30%
24% 23% 22%
19%
26%
27%
23%
20%
18% 18%
13%
31%
Data breaches Large scale
cybersecurity
attacks
Regulatory
investigations
actions or fines
Data privacy
lawsuits from
consumers
Adverse media
scrutiny
Loss of trade
partners due to
privacy concerns
None of the above
2021 2022 2023
15. 15
Primary Solution
17% 16%
20%
14%
27%
25%
16%
22%
20% 22%
Privacy management software
Governance, Risk and
Compliance (GRC) software
Internally developed system
Free or open–source privacy
software solutions
Spreadsheets, email and/or
word processing software
What primary solution do you use to manage your privacy program?
17% 16%
20%
14%
27%
25%
16%
22%
20% 22%
2022 2023
16. 16
Impact of Solution on Privacy Competence
52
60
56
53
52
47
Overall
Privacy management software
Governance Risk and Compliance (GRC)
software
Internally developed system
Spreadsheets email and/or word processing
software
Free or open source privacy software
solutions
Privacy Index Score
17. 17
Confidence in Employee Privacy by
Preparation for CCPA Enforcement
5%
1%
22%
6%
43%
37%
29%
56%
Overall
Very Prepared for CCPA
enforcement
No confidence Very little confidence Some confidence A great deal of confidence Complete confidence
18. 18
Impact of CCPA Enforcement
Preparation on Privacy Competence
6% 13% 20% 33% 28%
Not at all prepared A little prepared Somewhat prepared Prepared Very prepared
How prepared do you feel your company is for enforcement of the following privacy laws as it pertains to your
business? If the particular regulations do not apply to your business, please choose "Does not apply".
28 30 35
61
78
Not at all prepared A little prepared Somewhat
prepared
Prepared Very prepared
Privacy Index Score
19. 19
Privacy Benefits
On a scale of one to five, how important are the following with respect to your company’s privacy efforts?
3%
4%
3%
4%
4%
9%
6%
8%
8%
9%
13%
14%
15%
17%
19%
20%
25%
27%
30%
32%
55%
52%
48%
41%
35%
Keeping brand trust
Being in compliance with GDPR
Knowing where my customer data lives
Personalizing the user experience
Keeping opt-outs as low as possible
2%
2%
2%
2%
6%
4%
4%
7%
7%
12%
11%
15%
24%
27%
31%
34%
62%
55%
52%
41%
Keeping brand trust
Being in compliance with GDPR
Knowing where my customer data lives
Personalizing the user experience
Not at all important Slightly important Moderately important Important Very important
2023
2022
20. 20
THANK YOU!
View our online interactive results here…
https://trustarc.com/global-privacy-benchmarks-report/
Get a complete download of the report here…
https://trustarc.com/2023-global-privacy-benchmarks-report/