New EU data rules offer opening
A new study from IBM reveals that nearly 60% of organisations surveyed are embracing the General Data Protection Regulation (GDPR) as an opportunity to improve privacy, security and data management, or as a catalyst for new business models, rather than as simply a compliance issue or impediment.
To reduce their exposure, the majority of companies are being more selective in the data they collect and manage, with 70% disposing of data ahead of the deadline for compliance, the study said.
Companies’ preparation for GDPR comes in the wake of increased scrutiny from consumers on businesses’ management of personal data.
A separate poll of 10,000 consumers, conducted by the Harris Poll on behalf of IBM, found that only 20% of US consumers completely trust organisations they interact with to maintain the privacy of their data.
In the weeks leading up to the May 25 enforcement date, IBM’s Institute for Business Value (IBV) surveyed over 1,500 business leaders responsible for GDPR compliance in organisations around the world.
The survey results reveal how companies are approaching GDPR as an opportunity to build further trust with customers and help drive innovation:
84% believe proof of GDPR compliance will be seen as a positive differentiator to the public.
76% said GDPR will enable more trusted relationships with data subjects that will create new business opportunities.
Despite this opportunity, only 36% believe they will be fully compliant with GDPR by the May 25 deadline.
GDPR will be one of the biggest disruptive forces affecting business models across industries, and its reach extends far beyond EU borders, said Kittipong Asawapichayon, country manager of the software group for IBM Thailand.
“The onset of GDPR also comes during a time of huge distrust among consumers regarding businesses’ ability to protect their personal data,” Mr Kittipong said. “These factors together have created a perfect storm for companies to rethink their approach to data responsibility and begin to restore the trust needed in today’s data-driven economy.”
GDPR CUTS DATA STORAGE
Another key finding of the study is that organisations are using GDPR as an opportunity to streamline their approach to data and reduce the overall amount of data they are managing. For many organisations, this means vastly cutting down on the amount of data they collect, store and share.
According to the new study, organisations reported taking the following actions in response to GDPR:
80% say they are cutting down on the amount of personal data they keep.
78% are reducing the number of people who have access to personal data.
70% are disposing of data that is no longer needed.
GDPR CHALLENGES, BLIND SPOTS AND OPPORTUNITIES
The study found that the top challenges organisations are facing when it comes to GDPR compliance are finding personal data within their organisations (data discovery), ensuring the accuracy of the data they collect and store, as well as complying with rules for how data is analysed and shared (data processing principles).
Other areas of concern included the handling of cross-border data transfers and getting consent from data subjects, as less than half of respondents said they were prepared for these aspects of GDPR.
One key element of GDPR includes the requirement for companies to report data breaches to regulators within 72 hours.
However, the IBV study found that only 3% of companies have re-examined or modified their incident response plans to prepare for this requirement, representing a blind spot in companies’ overall approach to GDPR.