Despite the fact that the EU General Data Protection Regulation (GDPR) is due to come into effect on May 25, 2018, there is still uncertainty about how businesses handle and protect sensitive data.
GDPR criteria maintain that any company that holds or processes any kind of personal information relating to European citizens through goods or services must abide by the new data privacy and storage laws. This includes both physical and digital files.
However, the latest report on UK companies shows 47% of their workers don’t know if their company is taking action to comply with the new legislation. Another study shows that fewer than a third of global organizations state they are compliant or close to being compliant.
A study by Veritas yielded the same result with even more dire numbers. Those businesses that already conform to the legislation’s requirements admitted that they were unlikely to be in compliance with specific provisions, with only a measly 2% appearing to be in actual compliance.
The subsequent findings point to a gross misunderstanding over regulation readiness. Under the GDPR rules, EU residents will have to give consent for their personal data to be used and must be provided full access to their data. In addition, they have the right to request the removal of their data, such as the usernames and emails businesses use for their newsletter databases.
Still, research shows that a large number of organizations have common issues regarding the inner workings of GDPR. Even those that are already in compliance don’t have the means to meet the lower-level requirements, such as finding and erasing personal data, searching and analyzing said data, and determining its actual storage location. All these shortcomings would make a company non-compliant under the GDPR.
The new legislation presents a major change in how European businesses approach their data practices. Many see GDPR as a major disruptor of the management of customer information, particularly because it involves companies from every sector that deal with customer data in one way or another.
The trouble with implementing GDPR lies in the costs and resources needed to see the process through. That’s hardly a surprise considering the regulations are more than 200 pages long and present a complete overhaul of the previous Data Protection Directive that’s been in place since 1995.
GDPR will reach further than the existing data protection laws, adding fundamental changes such as accountability, the need for consent, new individual-based rights regarding the use of personal information, along with hefty non-compliance fines.