
Newly published research from Veritas Technologies, a leader in information management, shows that more than half of organizations have yet to do anything to meet minimum compliance with the General Data Protection Regulation (GDPR).
 
Designed to harmonize data governance, retention and security legislation across European Union (EU) member states, the GDPR requires greater oversight of where and how sensitive data — including personal, credit card, banking and health — are stored and transferred, and how access to them is policed and audited by organizations. The GDPR will not only affect companies in the EU; it extends globally to the US and other countries, affecting any company that does business in the region or with an EU organization.
 
Research findings from The Global Databerg Report — which surveyed more than 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the US and Asia Pacific — reveal that 54% of organizations have not yet made progress on their GDPR compliance readiness. With a third of the EU's grace period ending before the legislation takes effect in May 2018, responses emphasize a number of operational, compliance and planning issues, specifically ownership of GDPR processes and the ability to implement data cleansing policies and end-of-life requirements.
 
The study was conducted for Veritas by research firm Vanson Bourne to investigate how organizations store and manage their data, highlighting attitudes and behaviors that are driving an unprecedented explosion of data.
 
Uncertainties about executive ownership of GDPR
 
The survey findings revealed a lack of GDPR preparedness and confusion regarding who is responsible for adhering to and complying with the regulation. Nearly a third, or 32%, of respondents believe the chief information officer is responsible for GDPR, compared to 21% who believe it is the chief information security officer, 14% the chief executive officer, and 10% the chief data officer. According to the research, people responsible for implementing a GDPR process also face a number of risks if data is not processed properly. Less than a third, or 31%, of respondents were concerned about damage to their organization's reputation due to poor data policies, while 40% were fearful of a serious compliance failure in their organization.
 
Data pain points
 
Data fragmentation and loss of visibility are among the biggest challenges organizations face, making it more difficult to comply with GDPR regulations. Approximately 35% of respondents indicated this issue as their top concern. Specifically, the rise of unmanaged customer file sharing and cloud file storage services in enterprises has raised fears about future compliance issues. A quarter of respondents admitted to using cloud services such as Box, Google Drive, Dropbox, EMC Syncplicity or Microsoft OneDrive against their company's current policies. 25% indicated using unrecognized off-premises file storage services, making it even more difficult for IT departments to manage usage with recognized tools.
 
In addition to storage challenges, respondents pointed to perceived risk factors that any regulatory and security compliance must address. More than half, or 52%, of respondents said they were concerned about the threat of enterprise data loss, with 48% particularly concerned about data loss in transit between sites and systems. Four in 10 respondents were also concerned that employees could process data incorrectly, undermining compliance efforts.
 
The right to be forgotten
 
With GDPR, companies need to review and act on legitimate requests from people to have their data purged by organizations if it is no longer relevant or needed. However, the combination of data fragmentation and the unstructured accumulation of data across organizations makes it virtually impossible for companies to comply with these requests. Lack of visibility into dark information and data held outside corporate IT systems complicates compliance and exposes organizations to considerable financial and legal risk. These and other GDPR compliance failures entail a hefty financial cost for companies: a maximum fine of 20 million Euros (US$ 22.3 million) or up to 4% of worldwide revenue, whichever is greater.
 
"GDPR is the most significant change in terms of data protection in an entire generation and a looming global issue that will dominate discussions on regulations, management and data privacy in 2017," said Mike Palmer, Executive Vice President and Director of Veritas products. "To avoid potential regulatory fines or worse, damage to brands and corporate reputations, global companies must act now to understand where their data is and how to protect it."
 
Veritas is helping organizations around the world mitigate data risks through best practices for managing data in the cloud or on-premises, taking data inventories, deleting data that cannot be legally retained, and establishing and enforcing privacy policies. For additional information, go to www.veritas.com/gdpr
