The Compliance, Governance and Oversight Council (CGOC) released the results of a survey of top data protection challenges.
The survey found that only 6% of businesses are prepared to comply with the EU’s General Data Protection Regulation (GDPR). The result is based on responses from 132 compliance officers at organisations around the world across multiple industries.
The introduction of the GDPR will have a significant impact on companies, and this result shows that many businesses are not prepared and that not enough people are talking about it.
There are 3 key things to acknowledge about this change:
- Increased regional scope
- Higher penalties
- Improved consent
Increased regional scope
Regardless of where the company is located, GDPR applies to any business processing the personal data of individuals in the EU.
Higher penalties
Businesses in breach of GDPR can be fined up to 4% of their annual global turnover or €20 million, whichever is greater. This is the maximum fine available and is reserved for the most serious contraventions, such as processing personal data without a valid basis like customer consent.
Improved consent
Under the GDPR, businesses are required to request consent in a comprehensible and easily accessible form, without burying it in long and indecipherable terms and conditions. In addition, GDPR specifies that it must be as easy to withdraw consent as it is to give it.
Other key findings from this survey:
- 34% of executives admitted that operational and cost concerns override compliance with data protection regulations
- Only 57% of businesses provide staff training on data protection compliance, and only 25% say they perform regular training and audits
- 50% of respondents see internal staff and practices as the biggest threat, while 38% view external hackers as the biggest threat
For more information on the GDPR and how to start preparing for its application from May 2018, visit http://www.eugdpr.org/