It is well documented that businesses are living in fear of huge fines once the GDPR comes into play, but a staggering one in five believe that the new legislation could wipe out their business altogether.
According to a study by Veritas Technologies, a huge 86% of global businesses are concerned that non-compliance to GDPR could negatively impact their business, with 20% fearing that that non-compliance could put them out of business. This is in the face of potential fines for non-compliance as high as €20 million or four per cent of annual turnover – whichever is greater.
GDPR should need no introduction, especially with the start date now in sight. However, the legislation, in a nutshell, looks to strengthen and unify data protection for all individuals within the EU. The data regulation will govern how data is stored and transferred, and how access to it is policed and audited by organisations.
Looking to go live on May 25, 2018, GDPR will not only impact EU companies, but also those who offers goods or services to EU residents, or monitors their behavior. The study reveals that a huge 47% of organisations globally have major doubts that they will meet this impending compliance deadline.
The Veritas 2017 GDPR Report also found that 21% are very worried about potential layoffs, fearing that staff reductions may be an inevitable outcome as a result of financial penalties incurred as a result of GDPR compliance failures. Non-compliance also beings fears regarding brand reputation, with 19% concerned that negative media or social coverage could cause their organisation to lose customers. An additional one in ten (12%) are very concerned that their brand would be de-valued as a result of failure going public.
The fear of failure among global organisations is well-founded when taking into account the serious technology challenges they face. A key step toward GDPR compliance is knowing the what, where and when with the data an organization deals with – with companies coming up short due to the lack of proper technology. The survey revealed that almost one third (32%) of respondents are fearful their current technology stack is unable to manage their data effectively, something that could hinder their ability to search, discover and review data – all essential criteria for GDPR compliance.
A further 39% said that their organisation cannot accurately identify and locate relevant data, exposing yet another lack of critical competency as the regulation mandates that businesses must be able to provide or delete data requested by individuals. Data retention was also found to be a key concern, with 42% of organisations admitting that there is no mechanism in place to determine which data should be saved or deleted based on its value. Under GDPR, companies can retain personal data if it is still being used for the purpose that was notified to the individual concerned when the data was collected, but must delete personal data when it is no longer needed for that purpose.
For those businesses trying to assuage fears and work towards compliance, the survey found that firms are already footing seven figure sums. On average, firms are forecasting spending in excess of €1.3m on GDPR readiness initiatives.
“There is just over a year to go before GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organisations around the world. It doesn’t matter if you’re based in the EU or not, if your organisation does business in the region, the regulation applies to you,” said Mike Palmer, Executive Vice President and Chief Product Officer, Veritas.
“A sensible next step would be to seek an advisory service that can check the level of readiness and build a strategy that ensures compliance. A failure to react now puts jobs, brand reputation and the livelihood of businesses in jeopardy.”