Organisations worldwide fear non-compliance with GDPR could put them out of business

The majority of organisations worldwide (86%) are concerned that a failure to adhere to the upcoming EU General Data Protection Regulation (GDPR) could have a major negative impact on their business. According to a study carried out by Veritas Technologies, nearly 20% said they fear that non-compliance could put them out of business. This concern arises in the face of potential fines for non-compliance that will be as high as €20 million or 4% of annual turnover (whichever is greater).

Intended to harmonise the governance of information that relates to individuals (‘personal data’) across European Union (EU) Member States, the GDPR requires greater oversight of where and how personal data – including credit card, banking and healthcare information – is stored and transferred and how access to it is both policed and audited by organisations.

Coming into force on 25 May 2018, the GDPR will not only affect organisations within the EU, but also extend globally, impacting any organisation that offers goods or services to EU residents or monitors their behaviour (for example by tracking their buying habits). The study indicates that a substantial 47% of organisations globally harbour major doubts that they’ll meet this impending compliance deadline.

The Veritas GDPR Report 2017 finds that more than one-in-five (21%) businesses are very worried about potential lay-offs, fearing that staff reductions may be an inevitable outcome as a result of financial penalties incurred due to GDPR compliance failures.

Organisations are also worried about the impact non-compliance could have on their brand image, especially if and when a compliance failure is made public, potentially as a result of the new obligations to notify data breaches to those parties immediately affected. Some 19% of those surveyed fear that negative media or social coverage could cause their organisation to lose customers. An additional one-in-ten (12%) are very concerned that their brand would be devalued as a result of negative coverage.

Facing serious challenges

The research also shows that many organisations appear to be facing serious challenges in understanding what data they have, where that data is located and its relevance to the business – a critical first step in the GDPR compliance journey. Key findings reveal that many organisations are struggling to solve these challenges simply because they lack the proper technology needed to address compliance regulations.

There’s also widespread concern about data retention. More than 40% of organisations admit that there’s no mechanism in place to determine which data should be saved or deleted based on its value. Under the EU GDPR, companies can retain personal data if it’s still being used for the purpose that was notified to the individual concerned when the data was collected, but must delete personal data when it’s no longer required for that purpose.

“There’s just over a year to go before the EU GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organisations around the world,” explained Mike Palmer, executive vice-president and chief product officer at Veritas. “It doesn’t matter if you’re based in the EU or not. If your organisation does business in the region, the regulation applies to you. A sensible next step would be to seek an advisory service that can check the level of readiness and build a strategy that ensures compliance. Any failure to react now places jobs, brand reputation and the livelihood of businesses in jeopardy.”

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
