To keep your organization’s data privacy solutions up to date in a rapidly changing world, it’s important to set aside time for regular reevaluations of your existing tech stack.

No matter what industry you serve, regulations and technologies are always changing, so best practice is to schedule an annual checkup to ensure your current set-up is still delivering the optimal solution for your needs.

As part of that process, you’ll need to evaluate your existing data-privacy tools, and look at other offerings to make sure you’re using the solution that’s best for your business. First, though, you’ll need to take a look in the mirror—because you can’t figure out what’s right for your organization unless you know exactly how your organization currently handles data.

Effectively, this boils down to making sure you understand exactly what kinds of problems your data-privacy solution needs to be able to solve. That means looking at three key areas: your current data usage, the current and forthcoming regulations that affect your business, and the different stakeholders within your organization who will need to use your data privacy solutions.  

Understanding your data use

To get to grips with the way your organization currently uses data, you’ll need to understand the purposes for which your organization collects and processes data. Is your end-goal to create better analytics, to provide personalization, or something else entirely—and how is that intent reflected in the data-privacy infrastructure you’ve built?

Once you understand the end-goal of your organization’s data usage, you can start to explore the way that data flows through your organization, and the way that consent signals and data subject requests ripple through your ecosystem. Start by asking the simplest questions: how many people visit your website, what devices are they using, and where are they located? From there, you can move on to examine the way that your organization collects and processes consent signals and data subject requests, and inventory the systems you’re using to honor users’ preferences, permissions, and requests.

You’ll need to look carefully at the internal systems your organization uses to manage data—but since data often flows beyond outward, beyond the borders of your organization, you’ll also need to look at your partners’ data processes. How are the consent and data requests you receive being propagated out to the partners who handle your data, and how are you verifying their compliance?

As you examine these factors, think about whether your existing infrastructure is aligned to your current needs. If your answers to the questions you’re asking have changed since you first built out your data-privacy infrastructure, you’ll need to carefully consider whether your existing tools are still meeting your needs as well as they should.

Understanding the rulebook

Once you’ve taken the pulse of your privacy operations, it’s time to look at the regulations to which you’re subject. The specific toolkit you need will vary depending on whether you’re trying to ensure compliance with the GDPR, the CCPA, or something else entirely.

Make sure you pay attention to pending regulatory action, too, and also to your own strategic plans—if you’re preparing to move into a new market, you might find yourself subject to new rules. Your legal team should be able to tell you whether the rules have changed since your data privacy tools were first implemented, and whether any further changes are in the pipeline. Since many regulations are still evolving, your team’s interpretations of the rules may also have changed over time as new rulings are issued or new best practices are established.

Given the rapid pace of regulatory change, most organizations find they’re better served by a dynamic and adaptable data-privacy solution, rather than a series of static point solutions for a specific body of regulations. Make sure you ask how flexible and futureproof your current system is, and whether it will be able to evolve and grow along with your business needs.

Understanding your internal teams

While the process of buying data-privacy systems is often driven by a single business unit, it’s important to bring all your organization’s different stakeholders into the review process. After all, if you ask an IT manager or your head of engineering what they want from a data privacy system, you’ll likely get a very different answer than if you ask your CISO, your legal team, or your sales and marketing division.

Privacy is a team sport, and your goal should be to find a data-privacy solution that can address all the different interests and needs of teams across your organization. That’s especially important when it comes to balancing the priorities of teams that might seem to have conflicting needs or goals. Your solution shouldn’t empower your IT team at the expense of your legal team, for instance—it should give both teams the tools they need to work, both collaboratively and independently, toward their goals.

The key is to understand each team’s needs and challenges, and to seek out a data privacy solution that gives every member of every team exactly what they need to do their job. Your solution should help to elegantly defuse tensions between business units, not exacerbate them or create new points of conflict.

Putting it all together

After going through this three-part diagnostic process, you’ll be left with a clear understanding of how your organization handles data, what rules it’s subject to, and which business units have a stake in the way data privacy is handled. Collectively, these represent your data privacy needs—and armed with these insights, you’re ready to go out into the data security marketplace and see which solutions can deliver the performance you require.

We’ll cover that in our next blog post, but if you want to get the ball rolling right away, feel free to reach out. At Ketch, we believe that our job is to satisfy as many all three of these needs simultaneously—and we’re confident we can outperform any other data privacy tool currently on the market. Get in touch todayto find out why, and to learn how our solution can deliver the performance your organization needs.

Look for simplicity and elegance, not jargon and needless complexity.

Data privacy doesn’t come cheap. Spending on data-privacy solutions at both small and large enterprises doubled in 2020, according to Cisco’s latest Benchmark Study, with organizations spending an average of $2.4 million to manage data-privacy issues.

The good news is that many organizations get excellent value for money: more than two-thirds of businesses say they get significant benefits from their data-privacy tools, and 35% of the 4,700 industry leaders polled by Cisco said their data-privacy solutions generated ROI equivalent to at least double their investment.

On the other hand, not everyone’s happy: about a third of businesses didn’t get significant benefits from their tools, and 15% said they didn’t get enough ROI to justify the millions they’d spent building out their data-privacy infrastructure.

Clearly, when you’re spending serious money on data privacy, you need to do everything you can to maximize the return you get on your investment. So how can you optimize your procurement process to ensure you’re getting value for money?

1. Know what you’re using.

It’s always better to shop for software by weighing the product you’re eying against a specific alternative. If you’re already using a data-privacy solution, make sure you understand exactly how it works, and what its strengths and limitations are, so you can see where a new option succeeds or falls short.

Perhaps you’re using a cheap but inflexible cookie-based consent system, or perhaps you’ve adopted a third-party solution with its own strengths and limitations. Make sure you understand the way your current system addresses your specific use-case, and pay close attention to how well it copes with any new pain-points that may have emerged as your business has grown and regulations have evolved.

2. Know what you need.

The key to getting positive ROI from your data privacy solution is to keep its core functionality front-of-mind while you’re shopping. No matter how many bells and whistles a particular platform offers, its core task is to ensure you and your partners only use data in legal ways that align with your user’s expressed preferences. A tool that falls short on that basic metric won’t deliver positive ROI, no matter how many other features it has.

Once you’ve found a shortlist of solutions that meet your basic needs, start thinking about additional features that add value for your specific use-case. If a feature sounds cool but you can’t immediately see how you’d use it, it might not add much value for your team. That said, it’s also important to think about your future needs—a solution that offers flexible, futureproof functionality is likely to deliver ROI as your business grows.

3. Research the alternatives.

When doing due diligence, it’s important to look beyond the marketing materials provided by a software vendor, which are always going to show their product in the best possible light. User reviews on sites such as G2 offer unvarnished insights into how products perform in the real world, but bear in mind that while individual users know how their own solution works, they may not have experience using competing products. To get a broader perspective, it’s also useful to look for expert opinions, such as analysts’ briefings and market reports.

Personal connections are also valuable as you’re shopping for software. Crack open your Rolodex and phone friends and colleagues who understand your company and your needs, or try quizzing your LinkedIn or Twitter followers to get product recommendations and warts-and-all stories about their company’s data-privacy solutions.

4. Avoid complexity.

When you’re trawling through jargon-filled corporate websites, it’s easy to start to feel overwhelmed. Many vendors serve up long laundry lists of features using highly technical language, and it’s tempting to simply assume that the companies with the longest and most complicated lists of features are offering a better product. That’s a mistake: instead of getting seduced by complexity, make sure you stay focused on the subset of features that add real value for your organization.

After all, while it’s true that ensuring data privacy can be a complex process, the solution you deploy needs to be elegant and effortless to use if it’s going to add lasting value for your organization. As with any other technology, the best data privacy tools are transparent and easy to understand, and don’t require you to dig through endless configuration tools and expensive optional add-ons in order to get the functionality you need. Simplicity, not complexity, is the key to generating real ROI.  

5. Remember who’s in charge.

Buying software can feel a bit like buying a car—the salesperson is going to do everything they can to get you to sign on the line, and it’s easy to forget that you’re the one who’s really in the driving seat. Don’t let your vendor obfuscate or hide behind jargon, and don’t let yourself get locked into an approach that isn’t right for you. Make sure you ask the questions you need to—and get answers to them!—in order to ensure you’re getting the right solution for your organization’s needs.

The bottom line: you’re paying real money, and you deserve to get good value. If the vendor you’re working with can’t provide the solutions you need, then there are plenty of other options on the market that will deliver better value for your company.

It would be wonderful if you could buy enterprise software as easily and confidently as downloading a smartphone app. The reality, though, is that when it comes to data privacy the stakes are high, the problems are complex, and the solutions are both more expensive and more technologically advanced. That means there’s no alternative to doing careful due diligence, and putting in the time and effort required to ensure you’re picking a solution that will truly work for your organization.

At Ketch, we know just how much of a headache buying enterprise software can be—and we believe software buyers should never feel confused or out of their depth while making important decisions. That’s why we’ve got a team of dedicated specialists on hand who’ll discuss your needs, demo our data-privacy solutions, and make sure you’re able to make this important decision with absolute confidence. So get in touch today, and tell us about the problems you’re trying to solve.

Tags
Strategy
Privacy Tech
Published
April 26, 2021