In May 2016, companies were just starting to think about how the EU General Data Protection Regulation (GDPR) would affect them two years later. Today, we’re about 12 months out from when the new regulations will come into effect.
Designed to replace the previous EU data protection directive (Directive 95/46/EC), the GDPR brings together various EU data protection laws that determine how companies across the globe use, manage and delete EU citizens’ personally identifiable information (PII).
But how prepared are companies for this? A press release promoting new Compuware-commissioned research from Vanson Bourne suggests companies still have work to do:
- 88 percent of U.S. companies say they are well-briefed on GDPR. Still, 90 percent are concerned about their ability to use customer data within new compliance rules. Only 67 percent of EU businesses are well-briefed.
- Only 38 percent of all respondents have a comprehensive plan in place for how they will comply with GDPR, leaving the majority at risk for non-compliance fines.
- Three-quarters of organizations are likely to struggle with the GDPR’s “Right to be Forgotten” mandate, as IT complexity means they are uncertain as to where all customer data resides.
Amidst the race to patch together a plan for GDPR compliance in the next year, companies will also face significant compliance hurdles. The biggest areas of concern for U.S. businesses are as follows:
- Design and implementation of internal processes (65 percent).
- Securing customer consent to use their personal data and handling the process of data withdrawal if requested by the customer (64 percent).
- Ensuring data quality (52 percent).
- The cost of implementation (43 percent).
- Data complexity (41 percent).
How to Prepare
Despite the impact the GDPR will have on companies, whether they exist in the EU, U.S. or elsewhere, most are still unprepared for the regulation. With one year left, there is much work to be done to avoid noncompliance penalties: heavy fines or four percent of annual worldwide turnover, whichever is greater. Preparation for the new mandates must be moved to the forefront of companies’ strategic objectives for 2017.
For help creating a compliance plan, read Compuware’s white paper “Unprepared for GDPR? A Research Report on the State of Enterprise Readiness for the EU’s New PII Mandates,” available in English, French, and German. You will learn more about the challenges and implications of non-compliance, and what your company can do to ensure it’s prepared for next May.