1 Stat to Stop You: 288

Mid-size companies now use an average of 288 different software-as-a-service (SaaS) apps, according to a 2020 SaaS Trends Report from Blissfully.

Looking forward: SaaS app volume per company will likely continue to grow. Last year, the report found that these same companies used an average of 203 different SaaS apps, marking an increase of 42%.

Why it matters for privacy: Increased SaaS app usage presents challenges for comprehensively responding to data privacy requests. For companies without data privacy infrastructure, a choice must be made between laborious (and manual) data gathering across vendors, partial fulfillment and the risks entailed, or building bespoke infrastructure internally, with associated investment and upkeep.

How many SaaS apps does your company use? Even if you’re not yet at 288, it’s easy to see how quickly this can become untenable with tens or hundreds of different data stores.

Quantifying the headache: Any engineer, marketing manager, or privacy counsel that’s gone on the hunt for personal user data knows that privacy requests eat up an extensive amount of company time and money. In fact:

• Two-thirds of respondents reported that fulfilling a single user request takes two or more weeks, according to the 2019 Gartner Security and Risk Survey.

• The average cost to respond to one user request is $1,400, according to the same Gartner Survey.

• 38% of respondents reported that access requests doubled or more after General Data Protection Regulation (GDPR) went into effect, according to Deloitte (and with data rights legislation only growing, this trend will only continue).

The ticking clock: Under the California Consumer Privacy Act (CCPA), companies must provide the information to California residents free of charge within just 45 days. They can extend the deadline, but only by another 45 days.

End state: If this growth continues, responding to privacy requests without engineering infrastructure will remain the time consuming, inefficient, and costly endeavor it is today, especially if the number of user requests continues to increase as expected. It could very well become impossible to manually respond to data subject access requests within the legal time frame.

We can help: At Transcend, our data privacy infrastructure includes integrations with industry leading SaaS vendors and platforms that allow companies to fulfil data subject requests automatically in seconds, rather than days or weeks. Find out how we do it, and the SaaS apps we integrate with out of the box.