The latest enterprise risk management news from around the world

Emerging Risks Monitor finds that accelerating privacy regulation is the top emerging risk

Concerns about rapidly accelerating privacy regulations and their associated regulatory burdens has become the top emerging risk that organizations face globally, according to Gartner’s latest Emerging Risks Monitor report. 

The quarterly survey of senior executives across industries and geographies showed that ‘accelerating privacy regulation’ had overtaken ‘talent shortages’ as the top emerging risk in the Q1 2019 Emerging Risk Monitor survey. Concerns around privacy regulations were consistently spread across the globe, denoting the increasingly numerous and geographically specific regulations that companies must now comply with.

“With the General Data Protection Regulation (GDPR) now in effect, executives realize that complying with privacy regulations is more complex and costly than first anticipated,” said Matt Shinkman, managing vice president and risk practice leader at Gartner. “More budget dollars from IT, legal and information security are going to address GDPR compliance, just as the California Consumer Privacy Act (CCPA) is set to take effect, adding another layer of complexity for companies to navigate in this area.”

Sixty-four percent of respondents indicated that accelerating privacy regulation was a key risk facing their organizations. The data showed a particularly elevated concern among executives from the banking, financial services, technology and telecommunications, and food, beverage and consumer goods sectors, with at least 70 percent of executives in each sector indicating it as a top risk.  

The CCPA is one of several new global privacy regulations modeled after Europe’s GDPR law, which has been in effect since 2018. An increasingly fragmented data privacy regulatory landscape, with new privacy laws also recently enacted in Australia and Japan, have complicated the path to full privacy compliance for many organizations.  

“We are now seeing an evolution from GDPR-specific concerns, which have been on executives’ minds for the past couple of years, to a broader recognition that their organizations need to overhaul their entire data security governance strategies,” said Mr. Shinkman. “GDPR compliance is really just the starting gun in this process, and not the finish line.”

In addition to being rated the top risk this quarter, accelerating privacy regulation was also rated as a risk with ‘very rapid velocity’, meaning that the risk would have high organizational impact if it were to materialize. This may hint at a wariness among executives of the potentially large fines and reputational damage associated with violations of GDPR and similar legislation. Accelerating privacy regulation was also rated as the highest-probability risk of any of the top 10 in this quarter’s report, demonstrating that executives view it as a concrete threat to their organizations.

A number of other emerging risks cited in the survey may also be contributing to executive unease around accelerating privacy regulation. ‘Pace of change’ was the second overall risk most concerning to executives surveyed. It was also rated as one with ‘very rapid velocity’, indicating that executives are unnerved by their companies’ inability to avoid disruption and mitigate risk factors. Concerns about lagging or misconceived digitization were both among the top five risks, while outdated policies and procedures were flagged as a top ten risk.

Last quarter’s top risk, talent shortages, ranked third overall this quarter. This may complicate and add expense to staffing efforts around the technical challenges inherent to complying with the new regulations, such as the hiring of data protection officers.

The Top Five Risks by Overall Risk Score: 2Q18, 3Q18, 4Q18, 1Q19:

Rank

Q2 2018

Q3 2018

Q4 2018

Q1 2019

1

Cloud Computing

Accelerating Privacy Regulation

Talent Shortage

Accelerating Privacy Regulation

2

Cybersecurity Disclosure

Cloud Computing

Accelerating Privacy Regulation

Pace of Change

3

General Data Protection Regulation

Talent Shortage

Pace of Change

Talent Shortage

4

AI/Robotics Skill Gap

Cybersecurity Disclosure

Lagging Digitization

Lagging Digitization

5

Global Economic Slowdown

AI/Robotics Skill Gap

Digitization Misconceptions

Digitization Misconceptions

Source: Gartner (April 2019)

www.gartner.com



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.