4 in 10 Privacy Executives Are Confident About Adapting to New Regulations
Adapting to an increasingly volatile regulatory environment is the top priority for privacy executives, with only approximately 4 in 10 confident in their current abilities to keep pace with new requirements, according to Gartner.
Conversations with Gartner clients and Gartner’s annual survey data reveals where data privacy executives plan to focus their strategies and budgets for 2019. Their top five priorities highlighted the need to strengthen strategic approaches to engage with quickly shifting regulatory, technology, customer and third-party risk trends.
“Strategic and regulatory flexibility will be critical to the success of privacy functions this year,” said Brian Lee, managing vice president for Gartner. “Organizations still feeling the full force of complying with Europe’s GDPR are now being asked to adapt to additional regulatory requirements, which can impact both short- and long-term strategy. This is especially important, as regulators and customers alike have made it clear that there is no longer a grace period for companies getting their privacy priorities in order.”
The top five priorities for 2019 are adapting to a volatile regulatory environment, establishing a privacy strategy to support digital transformation, implementing an effective third-party risk management program, strengthening customer trust and brand loyalty, and identifying metrics to measure privacy program effectiveness. Gartner experts said there are commonalities between the priorities, primarily focused on effectively managing and guarding data in a strategic manner. Each priority also revealed significant gaps between executives’ desired objectives and where they currently view their organization’s progress.
“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” said Lee. A majority of privacy executives in contact with Gartner believe that their organizations lack an information governance framework that can adapt to changing regulations.
Adapting to a volatile regulatory environment has already proven to be a significant challenge this year, as the complexity and costs of meeting full GDPR compliance emerges and additional regulatory requirements, such the California Consumer Privacy Act, come into effect. These requirements have become a significant budget line item for many, and it is clear that additional resources will be needed to assess and manage similar pieces of legislation still in the pipeline.
Gartner research also shows that around seven in 10 privacy executives wish to develop a strategy to support digital transformation at their organizations, but most lack confidence in their existing plan. The challenge of formalizing information governance in a fast-paced digital environment remains a key concern for privacy executives. Gartner recommends designing an information governance framework that focuses less on formal structures, and more on business purpose. In addition, accounting for privacy risk in cross-functional strategic planning exercises is also critical.
Part of this is concern is driven by the lack of relevant metrics to track privacy effectiveness within organizations. In fact, three-quarters of privacy executives lack the confidence to effectively report on program outcomes.