The results of ISACA's Privacy in Practice 2024 survey show that most respondents (62 percent) are confident in their organization's privacy team's ability to ensure data privacy and achieve compliance with new privacy laws and regulations. Half of the respondents (51 percent) based in India say their organizations find it easy to understand their privacy obligations.
In response to the study, over 1,300 professionals worldwide—71 of them are from India—who hold data privacy-related positions shared their thoughts on issues related to staffing, organization structure, policies, budgets, and training.
According to Indian respondents, the main challenges are as follows:
- Lack of competent resources (44 percent).
-
Complex international legal and regulatory landscape (35 percent).
-
Management of risks associated with new technologies (35 percent).
-
Lack of clarity on the mandate, roles, and responsibilities (34 percent).
“When privacy teams face limited budgets and skills gaps among their workforce, it can be even more difficult to stay on top of ever evolving and expanding data privacy regulations and even increase the risk of data breaches,” says Safia Kazi, ISACA principal, privacy professional practices.
“By understanding where these challenges lie, organizations can take the necessary measures to remedy them and change course to strengthen their privacy teams and programs”, added Kazi.
To assess the effectiveness of privacy programs, survey respondents in India note their organizations are most often taking the approach of: -
-
Performing a privacy risk assessment (68 percent).
-
Performing a privacy impact assessment (PIA) (61 percent).
-
Undergoing a privacy audit/assessment (46 percent).
-
Performing a privacy self-assessment (41 percent).
Regarding employee training, 86 percent of respondents worldwide say their company offers privacy awareness training to staff members; 66 percent of respondents say this training is given to all staff members once a year, and 52 percent of respondents worldwide say new hires receive privacy awareness training.
Beyond what may be needed by law, organizations are strengthening data privacy by implementing a range of privacy measures; internationally, the top three are data security (72 percent), identity and access management (74 percent), and encryption (73 percent).
“As privacy regulations world over continue to evolve, it's promising to see the growing confidence among Indians in overcoming issues. ISACA's survey clearly shows that organizations today are more adept at understanding their privacy obligations and are also confident in the ability of their teams to ensure compliance and data privacy,” says R.V. Raghu, ISACA India Ambassador, and Director, Versatilist Consulting India Pvt Ltd.
“However, the anticipated shifts when it comes to budgetary expectations show that it is important for companies to strategically enhance their resource allocation, especially with impending financial constraints.”