Here's why data privacy professionals are concerned about new regulations. Source: Shutterstock

Here’s why data privacy professionals are concerned about new regulations. Source: Shutterstock

60pc of privacy professionals concerned about compliance

COMPLIANCE is a cause for concern for most businesses these days, especially with data privacy regulations quickly becoming more comprehensive everywhere.

Data privacy professionals, including the Data Protection Officer (DPO) appointed as a result of the requirements of the EU’s General Data Protection Regulation (GDPR), are incredibly effective in helping organizations understand their data and meet legal requirements, but there’s still a long way to go.

According to a recent Gartner study, 60 percent of compliance executives said they were concerned about adapting to new privacy regulations.

“Organizations still feeling the full force of complying with Europe’s GDPR are now being asked to adapt to additional regulatory requirements, which can impact both short- and long-term strategy.

“This is especially important, as regulators and customers alike have made it clear that there is no longer a grace period for companies getting their privacy priorities in order.” said Gartner Managing VP Brian Lee.

Here are the top 5 priorities of privacy executives surveyed by Gartner this year:

  1. Adapting to a volatile regulatory environment
  2. Establishing a privacy strategy to support digital transformation
  3. Implementing an effective third-party risk management program
  4. Strengthening customer trust and brand loyalty
  5. Identifying metrics to measure privacy program effectiveness

Gartner experts said there are commonalities between the priorities, primarily focused on effectively managing and guarding data in a strategic manner — as opposed to ad hoc efforts — amid rapidly changing expectations on privacy policy.

Each priority also revealed significant gaps between executives’ desired objectives and where they currently view their organization’s progress.

“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” explained Lee.

The reality is that most organizations operate in more than one continent. Further, with the explosion in sources of data collection as a result of the increased uptake of the internet of things (IoT), data privacy is much more complicated.

For example — many data privacy officers not just have to conform to the EU’s GDPR but also the California Consumer Privacy Act and new data laws in India, Vietnam, and other parts of Asia.

Gartner’s analysts believe that these requirements have become a significant budget line item for many, and it is clear that additional resources will be needed to assess and manage similar pieces of legislation still in the pipeline.

A majority of privacy executives in contact with Gartner also told their analysts that their organizations lack an information governance framework that can adapt to changing regulations.

Tech Wire Asia recently spoke to VFS Global’s Privacy & Group Data Protection Officer, Barry Cook, who said he battled similar challenges in order to create a strong compliance framework within his organization.

He also provided some practical advice to help data protection officers build a better workflow and an overall compliance function within the business.