Press release

Gartner Says Just Four in 10 Privacy Executives Are Confident About Adapting to New Regulations

Sponsored by Businesswire

Adapting to an increasingly volatile regulatory environment is the top
priority for privacy executives, with only approximately four in 10
confident in their current abilities to keep pace with new requirements,
according to a Gartner, Inc.

Conversations with Gartner clients and Gartner’s annual survey data
reveals where data privacy executives plan to focus their strategies and
budgets for 2019. Their top five priorities highlighted the need to
strengthen strategic approaches to engage with quickly shifting
regulatory, technology, customer and third-party risk trends.

“Strategic and regulatory flexibility will be critical to the success of
privacy functions this year,” said Brian Lee, managing vice president
for Gartner. “Organizations still feeling the full force of complying
with Europe’s General
Data Protection Regulation
(GDPR) are now being asked to adapt to
additional regulatory requirements, which can impact both short- and
long-term strategy. This is especially important, as regulators and
customers alike have made it clear that there is no longer a grace
period for companies getting their privacy priorities in order.”

Privacy Executives’ Top Priorities

The top five priorities for 2019 are:

1. Adapting to a Volatile Regulatory Environment

2. Establishing a Privacy Strategy to Support Digital Transformation

3. Implementing an Effective Third-Party Risk Management Program

4. Strengthening Customer Trust and Brand Loyalty

5. Identifying Metrics to Measure Privacy Program Effectiveness

Gartner experts said there are commonalities between the priorities,
primarily focused on effectively managing and guarding data in a
strategic manner — as opposed to ad hoc efforts — amid rapidly changing
expectations on privacy policy. Each priority also revealed significant
gaps between executives’ desired objectives and where they currently
view their organization’s progress.

“Our data suggests that while privacy executives have a good sense of
where to focus their efforts, most find it difficult to create a
comprehensive plan to address these issues,” said Mr. Lee.

Regulatory Urgency

A majority of privacy executives in contact with Gartner believe that
their organizations lack an information governance framework that can
adapt to changing regulations.

Adapting to a volatile regulatory environment has already proven to be a
significant challenge this year, as the complexity and costs of meeting
full GDPR compliance emerges and additional regulatory requirements,
such the California
Consumer Privacy Act
, come into effect. These requirements have
become a significant budget line item for many, and it is clear that
additional resources will be needed to assess and manage similar pieces
of legislation still in the pipeline.

“Leading organizations are prioritizing flexibility when building their
information governance structures, realizing that both the regulatory
and technology landscapes will continue to shift across the next few
years,” said Mr. Lee. “Privacy executives can play a lead role in
identifying the most urgent business problems and collaborating with
stakeholders on defining risk ownership across the business.”

Lack of Confidence in Programs’ Effectiveness

Gartner research also shows that around seven in 10 privacy executives
wish to develop a strategy to support digital transformation at their
organizations, but most lack confidence in their existing plan. The
challenge of formalizing information governance in a fast-paced digital
environment remains a key concern for privacy executives. Gartner
recommends designing an information governance framework that focuses
less on formal structures, and more on business purpose. In addition,
accounting for privacy risk in cross-functional strategic planning
exercises is also critical.

Part of this is concern is driven by the lack of relevant metrics to
track privacy effectiveness within organizations. In fact,
three-quarters of privacy executives lack the confidence to effectively
report on program outcomes. “As privacy executives develop strategies to
meet a growing list of challenges, privacy executives must go beyond
simple metrics that track activities and look to measure how those
activities impact their strategic objectives,” Mr. Lee said.

Gartner For Legal & Compliance Leaders can access the full results of
the agenda poll, along with an upcoming research calendar addressing
their top priorities, in “2019
Privacy Program Priorities”

About Gartner for Legal & Compliance Leaders

Gartner for Legal & Compliance Leaders supports senior legal and
compliance executives with their most critical priorities. Gartner
offers a unique breadth and depth of content to support clients’
individual success and deliver on key initiatives that cut across
finance functions to drive business impact. Learn more at

About Gartner

Gartner, Inc. (NYSE: IT), is the world’s leading research and advisory
company and a member of the S&P 500. We equip business leaders with
indispensable insights, advice and tools to achieve their
mission-critical priorities today and build the successful organizations
of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and
data-driven research steers clients toward the right decisions on the
issues that matter most. We are a trusted advisor and objective resource
for more than 15,000 organizations in more than 100 countries — across
all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of
business, visit