If you were to glance at the IAPP Privacy Tech Vendor Report, you will find an array of privacy platform technologies or automated solution offerings. When did all these potential partners hit the scene? A few have been around for many years, but the announcement of the EU General Data Protection Regulation certainly turbo-charged the industry. Some larger companies offer a suite of tools; however, there are plenty of niche players that can solve or otherwise fill your automated privacy program needs.

When searching for a solution, be sure to make good notes. It may prove difficult to compare apples to apples because of differences in technology and terminology. 

How to go about finding the right solution

The first question to answer is, “What is the problem I am trying to solve?” Maybe you are launching a new website in one or two EU-member countries, which is subjecting your organization to the GDPR. You and your team are well-versed in e-commerce, but the cookie consent requirement is holding up the project. So, start your notes with “1) We need cookie consent manager.” 

Now, the next few questions may be: Is the need as narrow as a cookie consent tool or a broader solution like a preference manager? Do you have in-house solutions that you need to accommodate? What kind of reporting do you need? What would be "nice" to have? What’s your timeline for implementation? What’s your budget? What kind of training and technical support is included? What’s the ask of your organization’s IT department to integrate a third-party solution? Where and how is the solution hosted? What choices are available?

How do I go about finding the right solution provider?

After you have your questions arranged, you probably have enough information to issue a "request for proposal," which may be required by your organization. However, many in-house privacy shops work less formally. You may simply need to click the “Contact Us for Demo” link on a vendor’s site or maybe answer their call after you stopped by their booth at the exhibit hall of a relevant conference. 

Demo, ask questions, demo again, ask more questions

It’s easy to watch a solution work well in a demo, but as a friend of mine says, “Any salesperson can make a demo look good.” You’ve really got to exhaust your questions and enlist the stakeholders in your organization to truly vet a given solution. Not being in a rush is an advantage. Without being a tire kicker — we’re all busy after all — look at two or three solutions minimally so you get a thorough education on what’s available, how it works, how updates for regulatory changes happen and how it can best solve your particular issue. Don’t be afraid to ask for a second round of demos or questions and answers. As you review additional products, some new ideas or challenges may arise, so you may want to go back to the early vendor demonstrators for more information.

Additional considerations that may narrow your vendor choice

Even if you find a solution with all the bells and whistles, there are other considerations and/or requirements that may limit vendor choice. Your information technology, legal and procurement teams will have input as well. Maybe your organization has an aversion to a particular cloud solution. Will there be additional costs to select another? What about where the data is hosted? Can that be specified too at no charge? Can you get an on-premise solution because your chief information security officer prefers it and it’s coming out of their budget? What about payment terms? What about breach terms?  Since the solution was to solve an EU-regulated issue, what’s the role of controller and processor? These questions may spur additional questions, or the answers may require a creative work-around, and that’s why taking a holistic approach (privacy, IT, legal and procurement) in evaluating these solutions is recommended.

Finding and implementing "the one"

Privacy tech companies have worked hard to make their tools deployable in a variety of industries and settings. In the example of a cookie consent manager, you could be looking at two to three months from demo to implementation depending on the complexity of the project, your organization’s processes, your infrastructure and your ability to work in concert with the vendor to implement. Your successful new partnership will be realized when your EU-focused, e-commerce website is up, taking orders and cookie consent compliant.

Photo by Ramón Salinero on Unsplash