A lack of understanding combined with budgetary squeezes are significant obstacles for organization’s navigating data privacy and compliance with data protection laws, according to industry body ISACA.
In The State of Data Privacy in 2024 report, ISACA found that over half (57%) of cyber professionals are not confident in their organization’s privacy team’s ability to ensure data privacy and achieve compliance with new privacy laws and regulations.
One reason for this is that two-thirds of professionals (66%) simply do not understand the privacy regulations their organization needs to comply with.
The poor training or complete lack of was also cited as a common reason for privacy failures, followed by a lack of privacy by design implementation and data breaches.
Of the 1300 respondents to ISACA’s study, 43% highlighted budgetary challenges, stating their privacy budget is underfunded. Over half of professionals expect this budget to be further reduced in 2024.
In practice, these issues mean that IT professionals face numerous challenges when deploying data privacy programs. The most mentioned obstacles include:
- A lack of competent resources (41%)
- A lack of clarity on the mandate, roles and responsibilities (39%)
- A lack of executive or business support (37%)
- A lack of visibility and influence within the organization (37%)
In-House Training and Privacy Consultants on the Rise
ISACA’s study also found that the demand for data privacy roles will likely soar in 2024, with 62% of respondents saying they observe an increased demand for technical privacy roles and 55% anticipating a further need for legal and compliance roles in the near future.
Although previous legal or compliance experience is a critical factor for recruiting privacy specialists for 61% of respondents, the prime skill is the knowledge of different types of technologies and/or applications, which 63% said was fundamental.
However, ISACA found that recruitment is not the only way of filling the data privacy skills gap. Instead, half of the respondents (50%) said they prioritized training non-privacy staff interested in moving into privacy roles.
Over one-third (39%) predicted there will be an increased use of contract employees or outside consultants to work on privacy programs.