UK businesses may be living in fear of the looming deadline for GDPR compliance but these concerns are spreading like wildfire across the world, with nearly half of all firms across Europe, the US and Asia Pacific admitting to major doubts that they will meet the May 25, 2018 D-Day.
Even more worrying, over 20% of these companies said they fear that non-compliance could put them out of business, with a further 21% predicting job cuts.
Less than one third (31%) of respondents believe their organisation is GDPR ready, but measures to tackle compliance do not come cheap; on average, firms are forecasting spending in excess of $1.4m (£1.1m) on GDPR readiness initiatives.
That is according to a global study by Veritas Technologies, which reveals the strength of feeling about the new legislation, with the vast majority (86%) of organisations worldwide being concerned that a failure to adhere to GDPR will have a major negative impact on their business.
GDPR, which takes effect on May 25, 2018, will not only affect companies within the EU, but extend globally, impacting any company that offers goods or services to EU residents, or monitors their behaviour, for example, by tracking their buying habits.
The study indicates that a whopping 47% of organisations globally have major doubts that they will meet this impending compliance deadline. A further 21% are very worried about potential layoffs, fearing that staff reductions may be inevitable.
Companies are also worried about the impact non-compliance could have on their brand image, especially if and when a compliance failure is made public, potentially as a result of the new obligations to notify data breaches to those affected.
Some 19% of those surveyed fear that negative media or social coverage could cause their organisation to lose customers, while an additional one in ten (12%) are very concerned that their brand would be devalued as a result of negative coverage.
The research also shows that many companies appear to be facing serious challenges in understanding what data they have, where that data is located, and its relevance to the business – a critical first step in the GDPR compliance journey. Key findings reveal that many companies are struggling to solve these challenges because they lack the proper technology to address compliance regulations.
Almost one third (32%) of respondents are fearful their current technology stack is unable to manage their data effectively, something that could hinder their ability to search, discover and review data – all essential criteria for GDPR compliance.
In addition, 39% of respondents say their organisation cannot accurately identify and locate relevant data. This is another critical competency as the regulation mandates that, when requested, businesses must be able to provide individuals with a copy of their data, or delete it, within a 30-day time frame.
There is also widespread concern about data retention. More than two-fifths (42%) of organisations admitted there is no mechanism in place to determine which data should be saved or deleted based on its value.
Under GDPR, companies can retain personal data if it is still being used for the purpose that was notified to the individual concerned when the data was collected, but must delete personal data when it is no longer needed for that purpose.
Veritas executive vice president and chief product officer Mike Palmer said: “There is just over a year to go before GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organizations around the world. It doesn’t matter if you’re based in the EU or not, if your organisation does business in the region, the regulation applies to you. A failure to react now puts jobs, brand reputation and the livelihood of businesses in jeopardy.”