With privacy regulations on the rise at the national, state, and global levels, many organizations—along with their chief privacy officers—are sweating the potential compliance impact, Gartner finds.
What’s keeping your average leadership team up at night? If you guessed “compliance,” you might be having a few sleepless nights yourself.
The latest edition of Gartner’s “Emerging Risks Monitor Report” revealed that “Accelerating Privacy Regulation” was at the top of organizations’ list of concerns during the first quarter of 2019—an issue that has lingered at or near the top of the research firm’s list three quarters in a row, surpassing issues such as the pace of change, a talent shortage, and lagging digitization issues. Cloud computing, at the top of the list last spring, isn’t even in the top five anymore.
Why are privacy regulations so concerning? It turns out that the European Union’s General Data Protection Regulation is even knottier than it looks, according to Gartner Managing Vice President and Risk Practice Leader Matt Shinkman.
“With the General Data Protection Regulation (GDPR) now in effect, executives realize that complying with privacy regulations is more complex and costly than first anticipated,” he said in a news release.
Shinkman added that concerns about California’s tough privacy law, which have already led to campaigns to create an overarching federal law, were playing a role too.
How fret-inducing are privacy regulations? Well, a separate survey of privacy executives by Gartner found that it was a top priority for respondents, and that only around 40 percent of respondents were confident about their ability to keep up with the shifting environment around regulations.
“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” Gartner Managing Vice President Brian Lee said this week.
Lee characterized the situation as one where executives were still trying to get a handle on GDPR, only to find that more regulations are starting to hit, which will likely have strategic impacts in both the short term and long term.
“Strategic and regulatory flexibility will be critical to the success of privacy functions this year,” Lee added.
Other things bothering privacy execs include privacy strategies for digital-transformation programs, creating risk-management programs for third-party vendors, improving consumer trust, and finding metrics to track the effectiveness of privacy programs.