DETROIT — A new survey from Detroit-based Compuware Corp. finds that many U.S. businesses with European customers are not prepared to deal with the European Union’s Data Protection Regulations, which go into effect May 25, 2018.
The new laws include “right to be forgotten” customer consent mandates and regulations on how customer data is handled.
U.S. companies will face hefty fines or lawsuits if they don’t comply.
In the survey, 94 percent of large American companies say they possess EU customer data that will fall under the regulations.
The survey does show progress from a year earlier, with 88 percent of CIOs at large American companies saying they are well-briefed on the impending laws, up from 73 percent a year ago. However, 90 percent are concerned about their ability to use customer data within new compliance rules. And only 60 percent of respondents have plans in place to respond to the impact the GDPR will have on how they handle customer data (though that is up from only 33 percent a year ago).
Also, 85 percent admit it’s sometimes difficult to know exactly where all the data resides, a key capability needed to meet “right to be forgotten” mandates.
Particularly challenging is the mandate to obtain customer permission to use personally identifying information — data that could identify a specific individual — in application testing, a critical part of software development. While 55 percent of U.S. firms have a plan in place to address this, nearly one-third say they don’t fully understand the impact of this ruling.
“U.S. organizations are heading in the right direction on GDPR compliance, but there is still work to be done to improve data governance capabilities,” said Chris O’Malley, CEO of Compuware. “Manual processes that are used to locate and protect customer data must be replaced with automated capabilities that enable businesses to quickly, accurately and visually manage data privatization and protection.”
The findings also reveal U.S. organizations are better prepared for the GDPR than their European counterparts. Compared to the 60 percent of U.S. companies saying they have detailed and far-reaching plans in place, only 19 percent of companies in the United Kingdom have such plans prepared, a modest improvement of only one percent since last year.
U.S. respondents ranked their biggest GDPR compliance hurdles to overcome as follows:
* Design and implementation of internal processes (65 percent)
* Securing customer consent to use their personal data and handling the process of data withdrawal if requested by the customer (64 percent)
* Ensuring data quality (52 percent)
* Cost of implementation (43 percent)
* Data complexity (41 percent)
Conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies in both the U.S. and Europe.
This survey, conducted in April 2017, was a follow-up to a similar survey conducted in 2016. Review the results and analysis of the 2016 GDPR research at http://hubs.ly/H07qN5W0.
Compuware provides software and services for the testing, development, automation and performance management of mainframe computer systems. compuware.com.