On May 25, the General Data Protection Regulation (GDPR) will go into effect in the European Union (EU), although the ripples will be felt worldwide. The regulations hope to enhance data protection of citizen’s personal data. Unfortunately, most organizations aren’t ready for the new rules, a new survey from analytics solution provider SAS found.
"The demand for data privacy is not going away. We want to make sure organizations are ready to help their customers understand how their data is being used," said Todd Wright, senior product marketing manager at SAS. "To do that, organizations need to engage every element of their business operations in a long-term GDPR and privacy program. Just leaving it up to IT to figure out is a recipe for failure."
The GDPR put forth a privacy and data protection variety of requirements that set parameters for any organization that stores, collets, or processes large amounts of user information from EU citizens. Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Yet, with less than until the GDPR deadline goes into effect, 93% of those surveyed say that they are not yet fully GDPR compliant. Less than half of global organizations (46%) expect to be compliant when the new rules go into effect, the SAS survey found. In the United States, that figure drops to three out of ten.
It’s not surprising since compliance is likely to be costly. For most companies, the bill will run $1 million just for technology, according to a survey by the global law firm Paul Hastings LLP. Firms listed in the Financial Times Stock Exchange 350 expect to spend £430,000 on technology and Fortune 500 companies expect to lay out $1 million, the company estimated. Added to that are costs associated with hiring employees with GDPR know how, as well as the bill for necessary legal advice. It’s likely to add up.
However, compliance is important, both to adhere to the law and because consumer expectations are on the rise. "Consumers are now demanding the kind of trust that GDPR requires," Wright said. "Organizations that comply will have much stronger data management that leads to increased productivity and a better understanding of how to serve their customers." In the end, it’s just good business.
These were the findings of a global survey of 183 business people in a wide variety of industries who have a role in preparing their organizations for GDPR.
The infographic below from SAS outlines some of the findings from the SAS survey. Take a look and let us know if these new regulations are on your radar in the comments section below.
— Hailey Lynne McKeefry, Editor in Chief, EBN