Adapting to an increasingly volatile regulatory environment is the top priority for privacy executives, according to the latest report from technology research advisory company Gartner.
The study explores where privacy risk management executives plan to focus their strategies and budgets for 2019. It found that only approximately four in 10 executives are confident in their current abilities to keep pace with new requirements. It also revealed data privacy leaders’ top five priorities include the need to strengthen strategic approaches to engage with quickly shifting regulatory, technology, customer and third-party risk trends.
Gartner experts said there are commonalities between the priorities, primarily focused on effectively managing and guarding data in a strategic manner — as opposed to ad hoc efforts — amid rapidly changing expectations on privacy policy. Each priority also revealed significant gaps between executives’ desired objectives and where they currently view their organization’s progress.
“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” Gartner managing vice president Brian Lee said.
The report suggests privacy executives believe their organizations lack an information governance framework than can adapt to changing regulations.
“Leading organizations are prioritizing flexibility when building their information governance structures, realizing that both the regulatory and technology landscapes will continue to shift across the next few years,” Lee said. “Privacy executives can play a lead role in identifying the most urgent business problems and by collaborating with stakeholders on defining risk ownership across the business.”
The research also shows seven in 10 privacy executives wish to develop a strategy to support digital transformation at their organizations, but most lack confidence in their existing plan. Gartner recommends designing an information governance framework that focuses less on formal structures, and more on business purpose. In addition, accounting for privacy risk in cross-functional strategic planning exercises is also critical.
“As privacy executives develop strategies to meet a growing list of challenges, privacy executives must go beyond simple metrics that track activities and look to measure how those activities impact their strategic objectives,” Lee added.
