sb-as logo
Story image

Gartner: The five priorities of privacy executives

25 Apr 2019

Adapting to an increasingly volatile regulatory environment is the top priority for privacy executives, with only approximately four in 10 confident in their current abilities to keep pace with new requirements, according to a Gartner.

Conversations with Gartner clients and Gartner’s annual survey data reveals where data privacy executives plan to focus their strategies and budgets for 2019. 

Their top five priorities highlight the need to strengthen strategic approaches to engage with quickly shifting regulatory, technology, customer and third-party risk trends.

“Strategic and regulatory flexibility will be critical to the success of privacy functions this year,” says Gartner managing vice president Brian Lee. 

“Organisations still feeling the full force of complying with Europe’s General Data Protection Regulation (GDPR) are now being asked to adapt to additional regulatory requirements, which can impact both short- and long-term strategy. This is especially important, as regulators and customers alike have made it clear that there is no longer a grace period for companies getting their privacy priorities in order.”

Privacy executives’ top priorities:

  1. Adapting to a Volatile Regulatory Environment
  2. Establishing a Privacy Strategy to Support Digital Transformation
  3. Implementing an Effective Third-Party Risk Management Program
  4. Strengthening Customer Trust and Brand Loyalty
  5. Identifying Metrics to Measure Privacy Program Effectiveness

Gartner experts say there are commonalities between the priorities, primarily focused on effectively managing and guarding data in a strategic manner - as opposed to ad hoc efforts - amid rapidly changing expectations on privacy policy. 

Each priority also reveals significant gaps between executives’ desired objectives and where they currently view their organisation’s progress.

“Our data suggests that while privacy executives have a good sense of where to focus their efforts, most find it difficult to create a comprehensive plan to address these issues,” saya Lee.

A majority of privacy executives in contact with Gartner believe that their organisations lack an information governance framework that can adapt to changing regulations.

Adapting to a volatile regulatory environment has already proven to be a significant challenge this year, as the complexity and costs of meeting full GDPR compliance emerges and additional regulatory requirements, such the California Consumer Privacy Act, come into effect.

These requirements have become a significant budget line item for many, and it is clear that additional resources will be needed to assess and manage similar pieces of legislation still in the pipeline.

“Leading organisations are prioritising flexibility when building their information governance structures, realising that both the regulatory and technology landscapes will continue to shift across the next few years,” adds Lee. 

“Privacy executives can play a lead role in identifying the most urgent business problems and collaborating with stakeholders on defining risk ownership across the business.”

Gartner research also shows that around seven in 10 privacy executives wish to develop a strategy to support digital transformation at their organisations, but most lack confidence in their existing plan. 

The challenge of formalising information governance in a fast-paced digital environment remains a key concern for privacy executives. 

Gartner recommends designing an information governance framework that focuses less on formal structures, and more on business purpose. 

In addition, accounting for privacy risk in cross-functional strategic planning exercises is also critical.

Part of this is concern is driven by the lack of relevant metrics to track privacy effectiveness within organisations. 

In fact, three-quarters of privacy executives lack the confidence to effectively report on programme outcomes. 

“As privacy executives develop strategies to meet a growing list of challenges, privacy executives must go beyond simple metrics that track activities and look to measure how those activities impact their strategic objectives,” Lee says.

Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
NVIDIA takes AI into the heart of cybersecurity with Morpheus
The Morpheus application framework will provide security partners with AI-enhanced tools that can detect and prevent security threats.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More