GDPR and CCPA Are Businesses Biggest Risks

• Content
• People
• GDPR and CCPA Are Businesses Biggest Risks

16 April 2019 | Updated 25 April 2019

Gartner's quarterly survey has shown that privacy regulation has returned to the top of the list of emerging risks that worry organisations in light of the GDPR and the California Consumer Privacy Act.

Gartner's latest Emerging Risks Monitor Report shows concerns around privacy regulations were consistently spread across the globe, denoting the increasingly numerous and geographically specific regulations that companies must now comply with.

“With the General Data Protection Regulations (GDPR) now in effect, executives realise that complying with privacy regulations is more complex and costly than first anticipated,” said Matt Shinkman, managing vice president and risk practice leader at Gartner. “More budget dollars from IT, legal and information security are going to address GDPR compliance, just as the California Consumer Privacy Act (CCPA) is set to take effect, adding another layer of complexity for companies to navigate in this area.”

Sector concern

With sixty-four per cent of overall respondents indicating privacy regulation as a key risk, the data showed an elevated concern among executives from the banking, financial services, technology & telecommunications and food, beverage & consumer goods sectors, with at least 70 per cent of executives in each sector indicating it as a top risk. 

CCPA

The CCPA is one of several new global privacy regulations modelled after Europe’s GDPR law. An increasingly fragmented data privacy regulatory landscape, with new privacy laws also recently enacted in Australia and Japan, have complicated the path to full privacy compliance for many firms. 

“We are now seeing an evolution from GDPR-specific concerns, which have been on executives’ minds for the past couple of years, to a broader recognition that their organisations need to overhaul their entire data security governance strategies,” said Shinkman. “GDPR compliance is really just the starting gun in this process, and not the finish line.”

Magnitude of concerns

In addition to being rated the top risk this quarter, accelerating privacy regulation was also rated as a risk with 'very rapid velocity', meaning that the risk would have high impact if it were to materialise. This may hint at a wariness among executives of the potentially large fines and reputational damage associated with violations of GDPR and similar legislation.

Privacy regulation was also rated as the highest-probability risk of any of the top 10 in this quarter’s report, demonstrating that executives view it as a concrete threat.

For those concerned about complying with emerging data privacy regulations, Gartner has produced a series of recommendations for GDPR, including developing a data security governance strategy and guidelines for the appointment of a chief data privacy officer.

Picture: Falling foul of international privacy regulations is the top concern for organisations in light of GDPR and the California Consumer Privacy Act.

Article written by Brian Shillibeer | Published 16 April 2019

Share

Related Articles