Site icon Netimperative

EU data law deadline: 62% of businesses still at high risk of non-compliance fines

With the new GDPR regulations coming into force just 12-months from now, the research from Compuware reveals that the majority of retailers are still at risk of incurring costly non-compliance fines, despite organisations having made some progress since the same survey was conducted last year.

The global CIO study from Compuware Corporation, revealed that, despite making progress over the past 12 months,  the majority of European and U.S. businesses are still inadequately prepared to comply with the new EU General Data Protection Regulation (GDPR), due to be enacted next year.

However, the findings reveal that U.S. organisations are better prepared for the EU GDPR than their European counterparts. 60% of U.S. respondents with European customer data said they have a detailed and far-reaching plan in place, marking a slight rise from 56% that had plans last year. The UK was least prepared, with just 19% of organisations having a detailed plan in place, rising only slightly from 18% when the question was asked last year.

“Businesses are clearly heading in the right direction on GDPR compliance, but there is still a long way to go in a very short timeframe,” said Dr Elizabeth Maxwell, PDP, Technical Director, EMEA, Compuware. “UK businesses may be behind due to initial uncertainty over the impact of Brexit. But any organisation doing business in Europe will need to fall into line by the May 2018 deadline. Failure to comply could lead to devastating consequences should a data breach occur, something all too common given the growth of cybercrime and insider threats.”

Compliance hurdles

Identifying the areas of biggest concern, 56% of all respondents said that data complexity and ensuring data quality are the two biggest hurdles they will need to overcome to achieve GDPR compliance.

In addition, 75% of organisations said the complexity of modern IT services means they can’t always know where all customer data resides, whilst just over half (53%) said they could locate all of an individual’s data quickly, as will be required to comply with the “Right to be Forgotten” mandate included within the GDPR. Most worryingly of all, nearly a third (31%) admitted that, at present, they couldn’t guarantee they would be able to find all of a customer’s data.

“It will be impossible to comply with the GDPR’s ‘Right to be Forgotten’ if organisations can’t find customer data,” continued Maxwell. “Due to its security and scalability, most large organisations store most of their customer data on the mainframe. This data usually resides in a complex rabbit warren of databases spanning multiple systems, and organizations use manual, time-consuming methods to find and extract it. Businesses need an automated way to map and visualise data relationships, so they can quickly find the specific and relevant data and delete it, without needing specialist skills.”

Commissioned by Compuware and conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies covering a cross-section of vertical markets in France, Germany, Italy, Spain, the UK and the U.S.

This survey, conducted in April 2017, was a follow up to a similar survey conducted in 2016. Review the results of the 2016 GDPR research here: http://hubs.ly/H07qN5W0

 Source: compuware.com.

Exit mobile version