Smart Global Governance
This IDC MarketScape covers major vendors participating in the worldwide data privacy compliance software market. This vendor evaluation is based on a comprehensive criterion expected to be most conducive to success in providing tools to enable data mapping, data flows, data subject access request (DSAR) management, data privacy impact assessment management, and more to support enterprises both in the short term and long term. The evaluation criteria emphasize capabilities and strategies such as remote automation, personally identifiable information (PII) detection, and customized workflows. IDC expects critical success factors for data privacy compliance tools to be:
The privacy market has drastically matured since 2018 when it first rose in popularity due to the implementation of European Union’s (EU’s) GDPR. The first iteration of privacy compliance platforms quickly grew their businesses with simple workflow and regulatory change capabilities. However, privacy buyers are significantly more sophisticated five years later and now expect deep integrations into their corporate data spheres. For the first five years of GDPR, much of the fear and doubt surrounding data privacy compliance has been surrounding data subject access requests. DSARs have become somewhat of a low-hanging fruit. The fear comes from the tight turnaround required under CCPA and GDPR and, likely, the direct interface with data subjects. The enforcement actions that regulatory bodies have completed have not focused on DSARs. It may be worth evaluating data privacy vendors on their other competencies.
In fact, consent management is a much more challenging aspect of data privacy compliance, one that has been responsible for massive fines. Sephora received the first CCPA fine for failure to manage consent. Meta was fined $414 million for European consent violations. Respondents to IDC’s December 2022 Data Privacy Survey listed consent management as the biggest pain point of data privacy compliance. Evaluation of vendors should be sure to highlight consent management capabilities. Consent management needs to be dynamic and capture consent decisions across a variety of inputs.
At the end of the day, data privacy compliance is still a data governance problem. Data governance is taking center stage in data privacy and security strategies. By and large, traditional data governance vendors focus on structured data. Privacy regulations mainly impact unstructured data. Instead, organizations are leveraging data discovery and classification solutions to better understand compliance and risks to their data estates. Creating an accurate understanding of an enterprise’s data estate is an essential foundation for privacy compliance. Buyers need to look for a data privacy vendor that has deep integration with a leading data discovery vendor or the data privacy vendor needs to have those capabilities itself.
Transcend is positioned in the Major Players category in this 2023 IDC MarketScape for worldwide data privacy compliance software.
Transcend is fast-growing enterprise software vendor that bills itself as a governance layer for enterprise. Transcend has deep Silicon Valley roots and is driven by a C-suite that has significant experience in the technology world. Transcend considers its tools a data privacy and AI governance platform. Transcend’s core business is privacy compliance. Transcend is another data privacy compliance software tool that integrates directly into an organization’s data. Transcend integrates with the majority of data sources that organizations store sensitive information today. Unlike first-generation data privacy compliance providers, Transcend fully automates many of the cumbersome and menial aspects of compliance. Transcend delivers and automated data mapping and data subject access request experience.
The inclusion criteria for this IDC MarketScape required to be actively selling software and have at least $10 million in yearly revenue related specifically to selling software designed to enable and facilitate compliance with data privacy obligations.
For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies.
Positioning on the y-axis reflects the vendor’s current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today, here, and now. Under this category, IDC analysts will look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.
Positioning on the x-axis, or strategies axis, indicates how well the vendor’s future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-to-market plans for the next three to five years.
The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed.
IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor’s characteristics, behavior, and capability.
The data privacy compliance software market has been recategorized as a functional submarket within the information and data security functional market. Information security products include technologies that protect the confidentiality, integrity, and availability of data that is valuable to the business. Within this market, there are three technology detail segments: messaging, sensitive data management, and data privacy compliance. For more information, see IDC’s Worldwide Security Products Taxonomy, 2023 (IDC #US49998922, January 2023).