Study shows 60 percent of privacy executives worried about compliance
CONSUMERS are happy that regulators are finally taking charge of data privacy needs and creating laws that force technology companies, financial institutions, and others in the market to adhere to strict standards.
Inside businesses, data privacy executives and compliance officers are losing sleep over the matter.
According to a new study by Gartner, just four in 10 privacy executives are confident about adapting to new regulations.
“Organizations still feeling the full force of complying with Europe’s General Data Protection Regulation (GDPR) are now being asked to adapt to additional regulatory requirements, which can impact both short- and long-term strategy,” said Gartner Managing VP Brian Lee.
Aside from the GDPR, data privacy laws in India, China, Australia, Vietnam, and other countries are getting more demanding. In fact, regulations in California were pushed forward by ex-Governor of California, Jerry Brown.
“This is especially important, as regulators and customers alike have made it clear that there is no longer a grace period for companies getting their privacy priorities in order.”
Based on intimate discussions with companies, Gartner listed some of the top concerns for privacy professionals currently grappling with new regulations:
- Adapting to a volatile regulatory environment
- Establishing a privacy strategy to support digital transformation
- Implementing an effective third-party risk management program
- Strengthening customer trust and brand loyalty
- Identifying metrics to measure privacy program effectiveness
“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” concluded Gartner’s Lee.
A majority of privacy executives also told Gartner that their organizations lack an information governance framework that can adapt to changing regulations — which obviously makes the current regulatory landscape quite challenging.
Adapting to a volatile regulatory environment has already proven to be a significant challenge this year, as the complexity and costs of meeting full GDPR compliance emerge and additional regulatory requirements, such as the California Consumer Privacy Act, come into effect.
Requirements and reports about compliance with those requirements have become a significant budget line item for many companies, and executives are beginning to realize that they will need additional resources to assess and comply with existing, emerging, and new laws.
Gartner’s research also shows that around seven in 10 privacy executives wish to develop a strategy to support digital transformation at their organizations, but most lack confidence in their existing plan.
The challenge of formalizing information governance in a fast-paced digital environment remains a key concern for privacy executives.
Gartner recommends designing an information governance framework that focuses less on formal structures and more on business purpose. Accounting for privacy risk in cross-functional strategic planning exercises is also critical.
Overall, it seems as though companies need to pay attention to regulatory compliance if they want to avoid complications with the law and ensure they continue to be trusted by their customers.
Business leaders, most importantly, must not only create budgets for compliance-related tasks in the future but also facilitate discussions about upcoming legislation that might affect the company’s data and overall business.