State of Data Rights Report

This report offers a comprehensive exploration of how organizations understand, operationalize, and prepare for the increasingly complex world of individual data rights. Developed by the IAPP in partnership with BigID, this publication examines how companies around the world process and fulfill data access requests, deletion requests, and broader transparency obligations. It also sheds light on how these activities influence trust, organizational maturity, and long‑term strategic planning.

This report is designed to help privacy professionals, policymakers, and organizational leaders assess the current state of data rights implementation. Drawing on survey responses from more than 475 privacy and IT professionals worldwide, the report provides an unusually detailed look at how real organizations are addressing the demands placed on them by modern privacy laws.  These professionals offer insight into how data rights, from access and correction to deletion and restriction, are exercised across jurisdictions, as well as how such processes differ between industries, maturity levels, and organizational structures.

One of the key themes highlighted throughout the report is how global privacy laws, particularly the GDPR and CCPA, have established a baseline for individual rights, forcing organizations to create more structured and reliable processes for responding to Data Subject Access Requests (DSARs). These laws give individuals the right to access, correct, delete, or restrict the processing of their personal information, prompting companies to rethink their data inventories, system architectures, and internal workflows. The report analyzes how these regulatory requirements influence internal business functions, pushing teams across security, legal, compliance, data governance, and IT to collaborate more closely.

Also touched on is the growing importance of data discovery and mapping as organizations attempt to detect where personal and sensitive information resides across sprawling digital ecosystems, including databases, file storage, cloud environments, and applications. Over half of surveyed professionals identified data discovery as a top future investment priority, reflecting its foundational role in fulfilling data rights accurately and efficiently.

Beyond the operational dimension, the report also addresses the broader strategic value of data rights. It highlights how strong data transparency practices help build trust with employees and consumers, framing data rights not merely as compliance requirements but as opportunities to strengthen brand reputation and organizational accountability.

Ultimately, The State of Data Rights serves as both a snapshot of where organizations stand today and a forward‑looking guide for those preparing for the next generation of regulatory and consumer expectations. It equips readers with a nuanced understanding of the global data rights landscape, detailing current challenges, emerging trends, and the capabilities organizations must invest in to remain resilient, compliant, and trustworthy.