Concerns about rapidly accelerating privacy regulations and their
associated regulatory burdens became the top emerging risk that
organizations face globally, according to Gartner, Inc.’s latest Emerging
Risks Monitor Report.
The quarterly survey of 98 senior executives across industries and
geographies showed that “accelerating privacy regulation” had overtaken “talent
shortages” as the top emerging risk in the Q1
2019 Emerging Risk Monitor survey (see Figure 1). Concerns around
privacy regulations were consistently spread across the globe, denoting
the increasingly numerous and geographically specific regulations that
companies must now comply with.
“With the General
Data Protection Regulation (GDPR) now in effect, executives realize
that complying with privacy regulations is more complex and costly than
first anticipated,” said Matt Shinkman, managing vice president and risk
practice leader at Gartner. “More budget dollars from IT, legal and
information security are going to address GDPR compliance, just as the California
Consumer Privacy Act (CCPA) is set to take effect, adding another
layer of complexity for companies to navigate in this area.”
Figure 1. Top Five Risks by Overall Risk Score: 2Q18, 3Q18,
|Rank||Q2 2018||Q3 2018||Q4 2018||Q1 2019|
|Pace of Change|
|Talent Shortage||Pace of Change||Talent Shortage|
|4||AI/Robotics Skill Gap||
|Lagging Digitization||Lagging Digitization|
|AI/Robotics Skill Gap||
Source: Gartner (April 2019)
Sixty-four percent of respondents indicated that accelerating privacy
regulation was a key risk facing their organizations. The data showed a
particularly elevated concern among executives from the banking,
financial services, technology and telecommunications, and food,
beverage and consumer goods sectors, with at least 70 percent of
executives in each sector indicating it as a top risk.
The CCPA is one of several new global privacy regulations modeled after
Europe’s GDPR law, which has been in effect since 2018. An increasingly
fragmented data privacy regulatory landscape, with new privacy laws also
recently enacted in Australia and Japan, has complicated the path to full
privacy compliance for many organizations.
“We are now seeing an evolution from GDPR-specific concerns, which have
been on executives’ minds for the past couple of years, to a broader
recognition that their organizations need to overhaul their entire data
security governance strategies,” said Mr. Shinkman. “GDPR compliance is
really just the starting gun in this process, and not the finish line.”
Data Shows Magnitude of Privacy Concerns
In addition to being rated the top risk this quarter, accelerating
privacy regulation was also rated as a risk with “very rapid velocity,”
meaning that the risk would have high organizational impact if it were
to materialize. This may hint at a wariness among executives of the
potentially large fines and reputational damage associated with
violations of GDPR and similar legislation. Accelerating privacy
regulation was also rated as the highest-probability risk of any of the
top 10 in this quarter’s report, demonstrating that executives view it
as a concrete threat to their organizations.
A number of other emerging risks cited in the survey may also be
contributing to executive unease around accelerating privacy regulation.
“Pace of change” was the second most concerning risk overall for
executives surveyed. It was also rated as one with “very rapid
velocity,” indicating executives are unnerved by their companies’
inability to avoid disruption and mitigate risk factors. Concerns about
lagging or misconceived digitization were both among the top five risks,
while outdated policies and procedures were flagged as a top 10 risk.
Last quarter’s top risk, talent
shortages, ranked third overall this quarter. This may complicate
and add expense to staffing efforts around the technical challenges
inherent to complying with the new regulations, such as the hiring of
data protection officers.
For executives concerned about complying with emerging data privacy
regulations, Gartner has produced a series of recommendations
for GDPR for the many functions affected, including strategies on
developing a data security governance strategy and guidelines for the
appointment of a chief data privacy officer.
More-detailed analysis is available to Gartner clients in the full
report and webinar recording 1Q19
Emerging Risks Report and Monitor. Nonclients can complete free
registration to read more in Emerging