An increasingly fragmented landscape of privacy regulation, and the prospect of major fines and reputational damage that comes with it, is putting senior executives on edge.
Concern about rapidly accelerating privacy laws and their associated regulatory burdens was identified as the top emerging risk that organisations face globally, according to Gartner’s latest emerging risks monitor.
The quarterly survey of 98 senior executives across industries and geographies showed that “accelerating privacy regulation” had overtaken “talent shortages” as the top emerging risk in the Q1 2019 Emerging Risk Monitor survey.
Sixty-four per cent of respondents indicated that accelerating privacy regulation was a key risk facing their organisations.
“Accelerating privacy regulation” was also the top concern in Q3 2018, following the introduction of GDPR, which came into effect almost 12 months ago. The current concerns are also being driven by California’s new privacy laws, which are set to come into force in early 2020, and by a patchwork of proposed state-based and national policies.
“With the General Data Protection Regulation (GDPR) now in effect, executives realise that complying with privacy regulations is more complex and costly than first anticipated,” said Matt Shinkman, managing vice president and risk practice leader at Gartner.
“More budget dollars from IT, legal and information security are going to address GDPR compliance, just as the California Consumer Privacy Act (CCPA) is set to take effect, adding another layer of complexity for companies to navigate in this area.”
Concerns around privacy regulations were consistently spread across the globe, according to the research, highlighting the increasingly numerous and geographically specific regulations that companies must now comply with.
In addition to being rated the top risk this quarter, accelerating privacy regulation was also rated as a risk with “very rapid velocity,” meaning that the risk would have high organisational impact if it were to materialise.
Gartner notes that this level of concern hints at the wariness among executives about the potentially large fines and reputational damage associated with violations of GDPR and similar legislation.
“We are now seeing an evolution from GDPR-specific concerns, which have been on executives’ minds for the past couple of years, to a broader recognition that their organisations need to overhaul their entire data security governance strategies,” Shinkman said. “GDPR compliance is really just the starting gun in this process, and not the finish line.”
This quarter, “pace of change” was the second most concerning risk overall among the executives surveyed, followed by “talent shortage.”
Concerns about lagging digitisation and about misconceived digitisation were both among the top five risks, while outdated policies and procedures were flagged as a top 10 risk.