The latest trends in the latest privacy operations management tools
To keep up with the ever-changing privacy landscape, a lot of businesses have begun tracking their privacy program daily operations using a privacy operations management tool. A privacy operations management tool is used to help businesses record all the ways they use data to meet corresponding regulatory requirements. While some businesses maintain their privacy operations in-house, many purchase a tool to increase efficiency, reduce the cost of privacy tasks in both time and effort, and automate legal obligations such as a records of processing activities or privacy risk assessment.
In the fall of 2022, I participated in more than 20 demos from a number of different privacy tools. I also attended the IAPP’s Privacy. Security. Risk. conference in October and learned about even more tools. Here are some of the trends I noticed in the market.
If you are considering a privacy operations management tool, you will discover that the biggest change is the number of options in the market. There is no longer a single vendor that seems to have most of the privacy business; there are so many vendors now that it’s necessary to search and participate in demos before a decision is made. While each tool may identify a “differentiator” for their offerings, you will also find in your search that a lot of them offer the same core services: data inventory/mapping, data subject rights, assessments, and consent and preference management.
Many tools are starting to offer automation as another way to reduce the manual tasks the privacy team must undertake. Whether it’s automation of fulfilling data subject requests, updating cookie notice language, data discovery or data mapping, or connection to other tools using APIs, there is an automated function that could save time and effort for any business, if they’re willing accept the monetary cost.
Hands off approach
Perhaps as an alternative to automation, a hands-off approach is also emerging as an option for businesses in managing their privacy operations, while still reducing the time required by the business’s staff. This may be on a smaller scale, with most of the vendors offering time from a technical account manager, or on a larger scale, with an option for the vendor to fully operate the tool with the business’ direction.
With an increasing number of privacy laws coming into effect, businesses are scrambling to be able to demonstrate compliance to regulators. Vendors are reacting to this by supplying legal services as one of their tool’s offerings. In some cases, this means providing legal counsel as an add-on service. Others offer this directly in the tool, such as in a policy center that is updated with the proper consent model in each jurisdiction where a business operates or in supplied cookie language with a promise of owning any regulatory penalties.
Consent vs. cookies
One confusing part of every demonstration for me was trying to figure out if each tool’s consent module would include cookie consent or if the cookie consent module could collect all consents. Instead of each tool providing a singular understanding of what is covered under modules for cookie consent and what is possible with consent management, there seemed to be an unnecessary, and sometimes nonexistent, divide between cookies and consent functionality, where vendors offered just the one but could do both.
If you need assistance choosing a privacy operations management tool, Privacy Ref would be happy to help.