IDC

Regions Focus: Worldwide

Data Privacy Compliance Software 2023 Vendor Assessment

September 2023 | us49841923e
Ryan O’Leary

Ryan O’Leary

Research Manager, Privacy and Legal Technology, IDC

Ralf Helkenberg

Ralf Helkenberg

Research Manager, European Privacy and Data Security

Product Type:
IDC: MarketScape
This Excerpt Features: Transcend

IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor Assessment

Capabilities Strategies Participants Contenders Major Players Leaders

Major Players

1touch.io

Collibra

Exterro

Ketch

Smart Global Governance

Spirion

TranscendFeatured Vendor

Leaders

BigID

DataGrail

OneTrust

Securiti

TrustArc

IDC MarketScape Methodology

IDC Opinion

This IDC MarketScape covers major vendors participating in the worldwide data privacy compliance software market. This vendor evaluation is based on a comprehensive criterion expected to be most conducive to success in providing tools to enable data mapping, data flows, data subject access request (DSAR) management, data privacy impact assessment management, and more to support enterprises both in the short term and long term. The evaluation criteria emphasize capabilities and strategies such as remote automation, personally identifiable information (PII) detection, and customized workflows. IDC expects critical success factors for data privacy compliance tools to be:

  • Automated data discovery and classification capabilities to limit the manual lift and time generally associated with these processes
  • Dynamic consent management that permeates through organizational infrastructure beyond cookie banners
  • Deep regulatory library to monitor regulatory change across the many complex regulations across all global jurisdictions
  • Advanced artificial intelligence (AI)/machine learning (ML) capabilities to analyze and provide additional value for clients across their privacy operations activities
  • Global footprint to enable compliance with data sovereignty requirements of the various privacy regulations
  • Strong focus on cybersecurity capabilities to ensure that client data is protected and secured

Tech Buyer Advice

The privacy market has drastically matured since 2018 when it first rose in popularity due to the implementation of European Union’s (EU’s) GDPR. The first iteration of privacy compliance platforms quickly grew their businesses with simple workflow and regulatory change capabilities. However, privacy buyers are significantly more sophisticated five years later and now expect deep integrations into their corporate data spheres. For the first five years of GDPR, much of the fear and doubt surrounding data privacy compliance has been surrounding data subject access requests. DSARs have become somewhat of a low-hanging fruit. The fear comes from the tight turnaround required under CCPA and GDPR and, likely, the direct interface with data subjects. The enforcement actions that regulatory bodies have completed have not focused on DSARs. It may be worth evaluating data privacy vendors on their other competencies. 

In fact, consent management is a much more challenging aspect of data privacy compliance, one that has been responsible for massive fines. Sephora received the first CCPA fine for failure to manage consent. Meta was fined $414 million for European consent violations. Respondents to IDC’s December 2022 Data Privacy Survey listed consent management as the biggest pain point of data privacy compliance. Evaluation of vendors should be sure to highlight consent management capabilities. Consent management needs to be dynamic and capture consent decisions across a variety of inputs.

At the end of the day, data privacy compliance is still a data governance problem. Data governance is taking center stage in data privacy and security strategies. By and large, traditional data governance vendors focus on structured data. Privacy regulations mainly impact unstructured data. Instead, organizations are leveraging data discovery and classification solutions to better understand compliance and risks to their data estates. Creating an accurate understanding of an enterprise’s data estate is an essential foundation for privacy compliance. Buyers need to look for a data privacy vendor that has deep integration with a leading data discovery vendor or the data privacy vendor needs to have those capabilities itself. 

Featured Vendor

Transcend

Transcend is positioned in the Major Players category in this 2023 IDC MarketScape for worldwide data privacy compliance software.

Transcend is fast-growing enterprise software vendor that bills itself as a governance layer for enterprise. Transcend has deep Silicon Valley roots and is driven by a C-suite that has significant experience in the technology world. Transcend considers its tools a data privacy and AI governance platform. Transcend’s core business is privacy compliance. Transcend is another data privacy compliance software tool that integrates directly into an organization’s data. Transcend integrates with the majority of data sources that organizations store sensitive information today. Unlike first-generation data privacy compliance providers, Transcend fully automates many of the cumbersome and menial aspects of compliance. Transcend delivers and automated data mapping and data subject access request experience. 

Strengths

  • Ability to handle complex infrastructure: Unlike many start-ups, Transcend has started by targeting the biggest enterprises as customers instead of starting down market. Customers reported that Transcends tool “thrives on chaos.” Customers reported that the integrations were seamless despite the patchwork of data sources Transcend was required to integrate into. Further, many enterprise customers noted that despite complex infrastructure, the implementations were fast and painless.
  • Consent management: Transcend makes consent management a significant focus. Transcend allows its customers to dynamically manage and administer consent preferences in a unified identity across a variety of inputs. Customers indicated that consent management capabilities were a significant factor in their decision to deploy Transcend. Unlike many competitors, Transcend understands the importance that regulators put on processing consent and managing consent eliminates a chunk of risk. Automating and removing manual processes from consent management is a feather in Transcend’s cap. 

Challenges

  • Global reach: Transcend is a heavily North American–based company. Most of its customers are U.S. based. While Transcend’s cloud-based software can be easily deployed across the globe, the company is yet to prioritize global expansion. This will come with time but as of now is a bit of a challenge for its growth. 

Methodology

IDC MarketScape Vendor Inclusion Criteria

The inclusion criteria for this IDC MarketScape required to be actively selling software and have at least $10 million in yearly revenue related specifically to selling software designed to enable and facilitate compliance with data privacy obligations.

Reading an IDC MarketScape Graph

For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies.

Positioning on the y-axis reflects the vendor’s current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today, here, and now. Under this category, IDC analysts will look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.

Positioning on the x-axis, or strategies axis, indicates how well the vendor’s future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-to-market plans for the next three to five years.

The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed.

IDC MarketScape Methodology

IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor’s characteristics, behavior, and capability.

Market Definition

The data privacy compliance software market has been recategorized as a functional submarket within the information and data security functional market. Information security products include technologies that protect the confidentiality, integrity, and availability of data that is valuable to the business. Within this market, there are three technology detail segments: messaging, sensitive data management, and data privacy compliance. For more information, see IDC’s Worldwide Security Products Taxonomy, 2023 (IDC #US49998922, January 2023).

Related Research

  • Worldwide Data Privacy Compliance Software Forecast, 2023–2027 (IDC #US50939823, June 2023)
  • Unforeseen Artificial Intelligence Risk: Creating Sensitive Data from Nonsensitive Data (IDC #lcUS50943023, June 2023)
  • Generative AI: Security, Privacy, and Trust Concerns (IDC #US50641923, May 2023)
  • Worldwide Data Privacy Compliance Software Market Shares, 2022: OneTrust Continues to Hold Its Large Lead Over the Market (IDC #US50209423, May 2023)

IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor