Survey: Companies Unprepared for New EU Data Rules
The clock is ticking on new data privacy regulations set to enter into force next year, prompting enterprise data management vendors to issue dire warnings about mandatory regulatory compliance and, not coincidentally, to offer turnkey solutions.
Enforcement of the European Union's General Data Protection Regulation (GDPR) is scheduled to begin on May 25, 2018, replacing a 1995 directive. Approved by the EU Parliament last April, the new rules are primarily designed to harmonize data privacy laws across Europe. They also reflect a new framework on trans-Atlantic data transfers forged last year that, among other things, requires U.S. companies importing personal data from Europe to commit to stringent data privacy guidelines.
The new rules have complicated data governance compliance for U.S. and other companies operating in Europe, forcing them to scramble to meet the looming regulatory deadlines.
According to a vendor survey released this week, a large majority of global companies are worried that failure to comply with GDPR will hurt their business. Eighteen percent said stiff penalties for non-compliance could put them out of business.
Penalties for non-compliance could reach as high as 20 million euros (about $21.8 million). Nearly a quarter of respondents said stiff EU penalties could result in layoffs, according to the survey findings released by information management specialist Veritas Technologies.
Personal data that would have to be safeguarded under the new rules include credit card and other financial information along with health data.
Veritas Technologies, which polled about 900 executives in the U.S., Europe and Asia in February and March, reported that 47 percent of global organizations have "major doubts" they can meet the EU's compliance deadline.
The new data privacy rules apply to "all companies processing the personal data of data subjects residing in the [European] Union, regardless of the company’s location," the EU stated. The updated rules reflect the rise of cloud computing, and the EU is explicit in stating that "these rules apply to both controllers and processors—meaning 'clouds' will not be exempt from GDPR enforcement."
In response, Veritas Technologies and others are pitching data management tools specifically tailored to GDPR compliance. Those platforms focus on identifying what types of data enterprises have and where that data is stored. For example, the industry survey found that 39 percent of respondents said they are currently unable to locate and identify data relevant to their business.
Those capabilities are critical since the new EU regulation will require companies to provide individuals with copies of stored data when requested. The rules obligate companies to produce copies or delete customer data within 30 days of a request.
With fewer than one-third of respondents prepared to comply with the new rules, the survey found that companies are prepared to spend more than $1.4 million on compliance initiatives over the next year.