GDPR Is Coming Soon … and Companies Aren't Ready

By Samuel Greengard  |  Posted 10-25-2017

    The E.U. General Data Protection Regulation will impact all companies that have customers in Europe, but many organizations haven't started preparing for it.

    Awareness Exists

    95% of the executives surveyed are aware that they need to comply with the GDPR, and 85% have reviewed its requirements.

    Feeling Secure

    79% believe their data is as secure as it can be.

    False Sense of Security?

    64% don't know that a customer's date of birth is personally identifiable information (PII). 42% don't know that email marketing databases contain PII. 32% don't consider physical addresses as PII. 21% don't view a customer's email as PII.

    No Worries?

    66% were dismissive about the amount they could be fined if they didn't comply with the GDPR. They believe reputation and brand equity damage are the biggest risks.

    Steep Fines

    Only 33% of the executives surveyed knew that GDPR fines could be as high as €20 million, or 4% of their company's worldwide annual revenue of the prior financial year.

    Not So Fine

    Despite being aware of the huge GDPR fines for noncompliance, one in five respondents said that the fine "wouldn't bother them."

    Who's Accountable?

    Only 14% of the executives surveyed knew that the loss of EU customer data is the responsibility of both the company and service providers.

    Confusion Abounds

    51% incorrectly believe that fines are imposed only on EU data owners, and 24% incorrectly think that they affect only service providers.

    Who Should Lead a GDPR Initiative?

    31% of respondents said the CEO should lead, and 27% said the CISO should take charge. 22% said a board-level executive should participate. Yet, only 21% have a senior-level executive involved.

    Mandate: State-of-the-Art Tech

    The GDPR mandates that businesses implement state-of-the-art security technologies relative to the risks they face.

    Only a Minority Comply With Tech Mandate

    34% have implemented advanced capabilities to identify intruders. 33% have invested in data leak prevention technologies. 31% have employed encryption technologies.
 

When the European Union's General Data Protection Regulation (GDPR) takes effect on May 25, 2018, it will affect global companies in a significant way. The initiative establishes specific requirements for how organizations must handle personal data touching E.U. citizens—even businesses that aren't physically located in Europe. The GDPR requirements include the need to appoint a data protection officer and follow specific guidelines about how an enterprise communicates with its customers in the E.U. about data and privacy. A September 2017 survey conducted by cyber-security solutions provider Trend Micro, in conjunction with Opinium, found that most executives are not adequately prepared for GDPR, and the fallout could be significant. Understanding is lacking, planning is lagging and security strategies aren't yet in place. All of this could result in large fines and other penalties—including lawsuits. Here's a look at some of the key findings from 1,132 online interviews with IT decision-makers from businesses with 500+ employees in 11 countries, including the United States.

 
 
 
 
 
Samuel Greengard writes about business and technology for Baseline, CIO Insight and other publications. His most recent book is The Internet of Things (MIT Press, 2015).

 
 
 
 
 
 
