In recent years, the increased frequency of data breaches at large enterprises and within governments has painted a dismal picture of data protection and privacy for many citizens. In response, stricter data compliance structures have been adopted, such as the EU General Data Protection Regulation (GDPR), effective May 25, 2018.
Adopted on April 14, 2016, the GDPR replaced the previous EU data protection directive (Directive 95/46/EC), and brings together various EU data protection laws that determine how companies in the EU, U.S. and elsewhere use, manage and delete EU citizens’ personally identifiable information (PII). While this is beneficial for EU citizens, it poses major challenges for companies across the globe that possess EU citizens’ data.
Companies that fail to comply with the GDPR will face the greater of two fines—€20 million or 4 percent of global turnover. Given the dire consequences of failing to measure up to GDPR standards, it’s essential for enterprises to prepare for the GDPR.
Are Companies Prepared for the GDPR?
Companies have less than a two-year window to prepare for the GDPR. Taking time to learn and develop a plan of action to reach compliance with global-impacting data protection laws should be imperatives at companies that possess EU citizens’ data.
Yet research commissioned by Compuware and available in the new white paper “Unprepared for GDPR? A Research Report on the State of Enterprise Readiness for the EU’s New PII Mandates” shows companies aren’t doing enough to prepare for the GDPR:
- 68% of companies don’t have a comprehensive GDPR compliance plan
- 45% of companies are only vaguely familiar or unfamiliar with the GDPR
- 52% of U.S. companies possess EU customer data, but only 43% are aware of the GDPR
The time and effort organizations are spending to prepare for the GDPR is less than ideal. What’s just as disturbing is companies face the struggle of actually complying with the GDPR once they decide to take action.
Challenges of Preparing for the GDPR
According to the research, companies face a string of challenges, including the need to track data more closely while increasing data collection; navigate growing IT complexity; tackle digital transformation in accordance with GDPR standards; and improve security with outsourcing and mobility.
On top of these challenges, survey respondents pointed out the two biggest GDPR hurdles they expect are 1) improving the creation and management of test data, and 2) securing customer consent.
Improving Test Data
Survey respondents acknowledged test data is one of the most common ways PII gets replicated and spread around or beyond a company. Because developers are constantly creating new test data to test new or enhanced applications, if the test data isn’t properly masked and anonymized, every new set becomes a potential compliance problem down the road.
Securing Customer Consent
Survey respondents also noted the expected difficulty of securing customer consent for specific uses of citizens’ PII, as well as complying with citizens’ requests to delete their personal data under “right to be forgotten.” As of now, many companies don’t ask or aren’t sure if they ask for consent to use citizens’ data in application testing, nor do they often know where across the span of IT systems citizens’ data is stored.
These findings potentially foreshadow chaotic times ahead for companies if they continue to neglect efforts to prepare for the GDPR. But if enterprises begin taking the right steps to address these issues, the GDPR will feel less apocalyptic and more conducive to building great relationships with customers.
Is your company doing anything to prepare for the GDPR? To learn what steps you can take, read the white paper, “Unprepared for GDPR? A Research Report on the State of Enterprise Readiness for the EU’s New PII Mandates.”