Accelerating Privacy Regulation: The Top Emerging Risk for Organisations

According to Gartner’s recent quarterly Emerging Risks Monitor Report (1Q19), 98 risk, audit and compliance executives have ranked rapidly accelerating privacy regulations and their associated regulatory burdens as their top emerging risk that organizations face globally (see: Gartner, Inc.’s Emerging Risks Monitor Report).

Rapidly accelerating privacy regulations is defined as the risk of progressively complicated statutory regimes, which cover the use and protection of customer data, creating the potential for legal and financial exposure.

This risk has overtaken ‘Talent Shortages’ which led last quarter and is followed by ‘Pace of Change’ (see Figure 1 below and ‘Gartner top-ten-emerging-risks’, attached).

According to Matt Shinkman, Managing Vice President and Risk Practice Leader at Gartner, “with the General Data Protection Regulation (GDPR) now in effect, executives realize that complying with privacy regulations is more complex and costly than first anticipated. More budget dollars from IT, legal and information security are going to address GDPR compliance, just as the California Consumer Privacy Act (CCPA) is set to take effect, adding another layer of complexity for companies to navigate in this area.”

Figure 1. Top Five Risks by Overall Risk Score: 2Q18, 3Q18, 4Q18, 1Q19

Rank Q2 2018 Q3 2018 Q4 2018 Q1 2019
1 Cloud Computing Accelerating Privacy Regulation Talent Shortage Accelerating Privacy Regulation
2 Cybersecurity Disclosure Cloud Computing Accelerating Privacy Regulation Pace of Change
3 General Data Protection Regulation Talent Shortage Pace of Change Talent Shortage
4 AI/Robotics Skill Gap Cybersecurity Disclosure Lagging Digitization Lagging Digitization
5 Global Economic Slowdown AI/Robotics Skill Gap Digitization Misconceptions Digitization Misconceptions

Source: Gartner (April 2019)

In a separate survey of privacy executives, Gartner found that privacy regulation was a top priority for respondents – yet only around 40% of respondents were confident about their ability to keep up with the shifting environment around regulations.

“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” Gartner Managing Vice President Brian Lee said.

Gartner reported the top five Privacy Executives’ priorities as:

  1. Adapting to a Volatile Regulatory Environment
  2. Establishing a Privacy Strategy to Support Digital Transformation
  3. Implementing an Effective Third-Party Risk Management Program
  4. Strengthening Customer Trust and Brand Loyalty
  5. Identifying Metrics to Measure Privacy Program Effectiveness

The risk of rapidly accelerating privacy regulations should be of no less a concern to AUSTRALIAN EXECUTIVES, especially Chief Privacy Officers, who need to operate in an increasingly fragmented data privacy regulatory landscape.

A few ideas:

  • Privacy regulation – its risk and reward – should be elevated to the Board and receive a Board/ELT mandate.
  • Sufficient budget should be allocated to this risk/opportunity.
  • Organisations should be proactive in advocating for self-regulation and engaging with government in new regulatory settings.
  • Ensure data privacy is embedded in good data governance.
  • Access external advice where necessary.

Most importantly, COLLEAGUING with peers from other organisations in order to share leading practice is a must as GOOD DATA GOVERNANCE = GOOD HYGIENE.

It’s not a competitive advantage since a privacy failure anywhere in a sector impacts consumer confidence throughout the sector – and across sectors.

DATA GOVERNANCE AUSTRALIA is the forum to share leading practice and represents the voice of industry to government.  Give us a call…