Complying with rapidly accelerating privacy regulations is the top emerging risk faced by organizations globally, even above the talent shortage, according to a Thursday report from Gartner.

The report surveyed 98 senior executives worldwide across industries, and found that these concerns about privacy regulations were spread across the globe.

“With the General Data Protection Regulation (GDPR) now in effect, executives realize that complying with privacy regulations is more complex and costly than first anticipated,” Matt Shinkman, managing vice president and risk practice leader at Gartner, said in a press release. “More budget dollars from IT, legal and information security are going to address GDPR compliance, just as the California Consumer Privacy Act (CCPA) is set to take effect, adding another layer of complexity for companies to navigate in this area.”

SEE: IT pro’s guide to GDPR compliance (free PDF) (TechRepublic)

A total of 64% of respondents indicated that accelerating privacy regulation was a top risk impacting their organization this quarter, with increased concern among executives from the banking, financial services, technology, and telecommunications industries, as well as the food, beverage, and consumer goods industries.

Here are the top five emerging risks businesses faced in Q1 2019, according to Gartner:

  1. Accelerating privacy regulation
  2. Pace of change
  3. Talent shortage
  4. Lagging digitization
  5. Digitization misconceptions

This marks a major change from Q2 2018, when the top five concerns were cloud computing, cybersecurity, GDPR, AI/robotics skill gap, and global economic slowdown, the report found.

New regulations including GDPR and CCPA and laws enacted in Australia and Japan have made the path to full privacy compliance more difficult for many businesses, the survey found.

“We are now seeing an evolution from GDPR-specific concerns, which have been on executives’ minds for the past couple of years, to a broader recognition that their organizations need to overhaul their entire data security governance strategies,” Shinkman said in the release. “GDPR compliance is really just the starting gun in this process, and not the finish line.”

For more on GDPR, check out this TechRepublic cheat sheet.