4 challenges with building an in-house privacy solution

It's the age-old question: build vs. buy? For data privacy software, buying just makes sense. Here are 4 reasons why.
Read time
6 min read
Last updated
December 17, 2024

It can be tempting for Privacy or IT teams to consider building an in-house data privacy compliance solution. After all, IT teams are adept at assessing internal needs and building custom solutions. Teams may have previous experience building solutions like a marketing or customer service automation tool, IT ticketing service, or knowledge base. 

Building a privacy solution is substantially different from, and more challenging than, those projects. Let’s start with the risks and associated costs: while the risk of an IT ticketing system malfunctioning or underperforming is real, it pales in comparison to the risk of financial penalties and brand / reputational damage that an incomplete privacy solution introduces.

Homegrown privacy tech limitations

With that in mind, this article explores the top challenges organizations face when they consider building an in-house privacy solution. These examples are compiled from real customers that we’ve worked with.

4 biggest program challenges

The top challenges we see include:

  • Rapidly evolving regulations
  • The hidden costs of privacy program management
  • Costs of non-compliance
  • Ongoing operational costs and scale considerations 

The thread that cuts across these challenges is that privacy regulations are complicated, and becoming more ubiquitous every day. And these challenges are widespread. We’ve noticed them everywhere from mid-market to enterprise organizations, in various industries, and in both global businesses and those that only operate in the US. More than just a solution for privacy compliance, organizations need a partner who understands the complexities and provides up-to-date tools and guidance, helping organizations mitigate risk with less manual overhead.

1. Keeping up with rapidly evolving regulations 

In the US, 13 (and climbing!) states have enacted privacy legislation and many more are actively debating privacy bills in their state legislatures. Each piece of legislation has unique requirements for how consumer data can be acquired, managed and shared. They designate different rights for customers that organizations who operate in those states are mandated to follow. A great example of this is California’s rules around opt-outs. And that’s just the United States. The situation is more fraught for businesses with global operations. 

Choosing to build your own solution requires a deep understanding of the nuances of each regulation and the ability to stay up-to-date on the changes that are frequently made. Organizations also need to have tight alignment and cooperation across Privacy and IT teams, which are both needed to operationalize privacy laws into the tech stack. We often find that the desire and spirit to work together exist, but that the reality of operational capacity and resourcing constraints wrecks even the best-laid plans.

2. Hidden costs of privacy program management 

Burdensome tasks like identifying data owners, modifying website tags, and updating consumer consent choices across data systems must often still be done manually by IT and Privacy teams at a high degree of organizational expense if you choose to build your own program. 

Here is an example of the tasks that you might be presented with, and the typical associated costs for a mid-market company. This data is an average across several Ketch customers who had formerly built privacy programs in-house:

  • Orchestrating consumer consent choices across your data ecosystem: $200,000 estimated cost for 11 data systems
  • Deleting consumer data as part of the DSAR process: $1M+ estimated cost for 1,000+ DSAR / CA opt-out requests
  • Data discovery and classification: $400,000+ estimated cost for 24 data discovery projects annually
  • Automatically updating web tags / code ensuring compliance with new regulations: $500,000 estimated cost across 3 websites and 13 regulations

Your costs may be more or less depending on where you operate, your industry and your current approach to privacy compliance. (For example: these costs may be higher if you’re an enterprise organization, managing multiple lines of business.) This is before you add the cost savings from staff augmentation firms, which could result in an additional $100-$150k saved annually. 

We talk to many companies that leverage outside resources to manage the manual aspects of privacy program management that a more automated solution would address. For companies leveraging a programmatic privacy solution like Ketch, greater automation equates to 1,000s+ of hours of avoided labor costs. 

3. Cost and risk of non-compliance are high

Many organizations are adept at building solutions to solve unique technology-related issues, and in many cases those solutions are exactly what the organization needs. For privacy, however, the risks presented by an incomplete solution are orders of magnitude higher than other IT projects.

The largest GDPR fine was $1.3 billion, while less severe fines can still range in the tens of millions of dollars. 

In addition to the monetary risk, there’s also the real risk of brand and reputational damage. Consumers are aware of their privacy rights, with many stating that they won’t do business with organizations that don’t respect their privacy. A study by Cisco reveals that 47% of consumers have switched companies over their data use policies. When we talk to companies, we often hear that the concern of reputational and brand damage outweighs the threat of financial penalties, as it’s harder to regain customer trust once it’s lost than to pay a one-time fine.

4. Ongoing operational costs and scale challenges

Unlike many IT projects, privacy isn’t a “set it and forget it” effort. Ketch customers include those who had previously chosen to build, but who abandoned efforts after realizing the amount of ongoing maintenance required.

One of our customers, a leading media company, initially pursued a build strategy for consent management and data subject access requests. By 2019, they had achieved compliance. But in the following years, they fell out of compliance as privacy regulations evolved faster than their home-grown solution could keep pace. To achieve compliance with new regulations, as well as manage the breadth of a modern privacy program–which includes data discovery and marketing preference management–they selected Ketch as their privacy management vendor.

This is not an uncommon situation as existing privacy regulations are evolving and new ones are being introduced every year. New legislation targeting Generative AI will introduce even more complexity in the future. A homegrown privacy solution requires you to be constantly up-to-date on new regulations and their impact on your organization, and have the IT resources ready and able to make necessary changes. Most organizations find that they simply can’t allocate the time and resources necessary to maintain compliance with an in-house solution.

Buying–NOT building–a privacy solution is the best way to maintain compliance

The commitment to build your own privacy program is ongoing and intensive, which means it requires careful consideration. The list of challenges above is by no means exhaustive, but they illustrate the complexity that many organizations face when choosing to build an in-house solution. 

Our recommendation is to invest in a privacy platform that handles everything from capturing and managing consent and preferences to giving you a real-time view of data across your ecosystem. 

Organizations are facing the future of increasingly complex privacy requirements and need a partner with expertise in global privacy regulations, not just a solution that captures consent or automates ticketing. They need an interoperable privacy platform that provides compliance across every regulation, system and channel, both for today and tomorrow. You simply can’t get that from an in-house solution.

Thinking about buying? Consider Ketch

Ketch enables businesses and platforms to build trust with consumers and drive growth through data.

The Ketch Data Permissioning Platform is a coordinated set of applications, infrastructure, and APIs that collapses the cost and complexity of privacy operations and mobilizes responsibly gathered data for deeper customer engagement and top-line growth.

With Ketch Programmatic Privacy™ for privacy operations, companies can adapt programmatically to fast-changing regulations while managing risk and cutting operational and privacy engineering costs by 80%.

With Ketch Data and AI Governance, businesses achieve complete, dynamic data control and intelligence over a company’s vital data assets, building trust and creating the foundation for responsible AI and advanced data and analytics initiatives.

Published
September 18, 2023