As organizations struggle to keep up with data legislation across international markets, start-ups see an opportunity. In September 2019, New York–based BigID closed a $50 million funding round, bringing its funding total to $100 million. The company uses data analytics alongside compliance software to help organizations identify and map personal data, even if that data is distributed across multiple on-premises and cloud-based systems. The tool also automates privacy-related functions such as fulfilling data-access requests from customers or employees.

In July 2019, Atlanta-based OneTrust performed the rare feat of achieving a valuation of more than $1 billion in its first funding round (raising $200 million). OneTrust offers various products for privacy management, risk management, and compliance that include self-assessment tools and automated mapping of personal data.

As BigID and OneTrust scale up, other companies continue to emerge. Securiti.ai is less than a year old and recently raised $31 million to develop its analytics and privacy-automation software. Like BigID, Securiti.ai uses machine learning to manage distributed personal data and to automate aspects of privacy compliance. Another vendor, InCountry, launched in May 2019 and has raised $22 million to date. InCountry assists with privacy compliance by helping companies manage data storage across jurisdictions. Other notable providers include TrustArc, Privitar, and Integris Software.

Implications

The need for privacy-compliance solutions is clear. The California Consumer Privacy Act goes into force in January 2020, joining a new wave of relatively stringent privacy legislation, including Europe's General Data Protection Regulation (GDPR) and forthcoming legislation in Brazil and India. Differences in legislation across jurisdictions create complexities for large organizations, and mistakes can be costly. British Airways faces a β183 million ($227 million) fine for a data breach in 2018. Privacy-compliance platforms may be arriving at the right time.

Potentially, automated privacy solutions could level the playing field between companies that are able to invest substantial sums in compliance (Google's workforce apparently spent hundreds of years of human time on GDPR compliance in the run-up to its introduction) and those that are not. Privacy tools should lower the cost of regulatory compliance and reduce risk, potentially encouraging companies (including those outside the tech sector) to develop new data services across international markets.

Impacts/Disruptions

Intuitively, more restrictive data regulations will curtail the big-data market. Big data was predicated on the notion that companies should collect data first and ask questions later, yet regulations such as the California Consumer Privacy Act and the GDPR mean that such free-and-easy data collection is no longer possible (or at least, no longer legal). But perhaps the intuition is too simplistic. Some vendors and investors are clearly benefiting from demand for compliance solutions. Plausibly, consumer confidence in data services will increase with better privacy protections. Most important, if big data were to succeed, sooner or later it would have to overcome the obstacle of increased government scrutiny and tighter data rules (the notion that the industry would go unchecked forever was always naive). Now that the industry is developing cost-effective ways of delivering data services within regulated markets, perhaps the big-data opportunity has become a sustainable one.