Veritas Study: Organizations Worldwide Fear
Non-compliance with New European Union Data Regulation Could Put Them Out of
Business
Non-compliance with New European Union Data Regulation Could Put Them Out of
Business
Nearly half of organizations are afraid they won’t meet the
requirements of the General Data Protection Regulation, inadequate technology
cited as core challenge
requirements of the General Data Protection Regulation, inadequate technology
cited as core challenge
Singapore – April 26, 2017 – A global study from Veritas Technologies,
the leader in information management, has revealed that 86 percent of
organizations worldwide are concerned that a failure to adhere to the upcoming General Data Protection Regulation
(GDPR) could have a major negative impact on their business.
Nearly 20 percent said they fear that non-compliance could put them out of
business. In Singapore, the numbers are higher than the global average, with 92
percent of all local organizations expressing concerns over the potential GDPR
fallout, along with 20 percent who fear that their business could shut down due
to non-compliance. This is in the face of potential fines for
non-compliance as high as USD21
million (or SGD 29.8 million) or four percent of annual turnover – whichever is
greater.
the leader in information management, has revealed that 86 percent of
organizations worldwide are concerned that a failure to adhere to the upcoming General Data Protection Regulation
(GDPR) could have a major negative impact on their business.
Nearly 20 percent said they fear that non-compliance could put them out of
business. In Singapore, the numbers are higher than the global average, with 92
percent of all local organizations expressing concerns over the potential GDPR
fallout, along with 20 percent who fear that their business could shut down due
to non-compliance. This is in the face of potential fines for
non-compliance as high as USD21
million (or SGD 29.8 million) or four percent of annual turnover – whichever is
greater.
Intended to harmonize the governance of
information that relates to individuals (“personal data”) across European Union
(EU) member states, the GDPR requires
greater oversight of where and how personal data—including credit card, banking
and health information—is stored and transferred, and how access to it is
policed and audited by organizations. GDPR, which takes effect on May 25,
2018, will not only affect companies within the EU, but extend globally,
impacting any company that offers goods or services to EU residents, or
monitors their behavior, for example, by tracking their buying habits. The study indicates that a whopping 47 percent
of organizations globally have major doubts that they will meet this impending
compliance deadline. In
Singapore, the number beats the global average, sitting at 56 percent.
information that relates to individuals (“personal data”) across European Union
(EU) member states, the GDPR requires
greater oversight of where and how personal data—including credit card, banking
and health information—is stored and transferred, and how access to it is
policed and audited by organizations. GDPR, which takes effect on May 25,
2018, will not only affect companies within the EU, but extend globally,
impacting any company that offers goods or services to EU residents, or
monitors their behavior, for example, by tracking their buying habits. The study indicates that a whopping 47 percent
of organizations globally have major doubts that they will meet this impending
compliance deadline. In
Singapore, the number beats the global average, sitting at 56 percent.
The research findings from The Veritas 2017 GDPR Report, which surveyed more than 900 senior business
decision makers in 2017 across Europe, the U.S. and Asia Pacific, also found that
more than 20 percent (21%)
are very worried about potential layoffs, fearing that staff reductions may be
an inevitable outcome as a result of financial penalties incurred as a result
of GDPR compliance failures. Similarly, Singapore faces the same sentiments,
with 19 percent fearing potential loss of jobs.
decision makers in 2017 across Europe, the U.S. and Asia Pacific, also found that
more than 20 percent (21%)
are very worried about potential layoffs, fearing that staff reductions may be
an inevitable outcome as a result of financial penalties incurred as a result
of GDPR compliance failures. Similarly, Singapore faces the same sentiments,
with 19 percent fearing potential loss of jobs.
Figure 1: “What concerns you the most aboutthe potential fallout from your organization not being in compliance with the
GDPR?
Companies
are also worried about the impact non-compliance could have on their brand
image, especially if and when a compliance failure is made public, potentially
as a result of the new obligations to notify data breaches to those affected.
In Singapore, 20 percent surveyed fear that negative media or social coverage
could cause their organization to lose customers, slightly above the global
average of 19 percent. An additional one in ten (10%), similar to the global
average of 12 percent, are very concerned that their brand would be de-valued
as a result of negative coverage.
are also worried about the impact non-compliance could have on their brand
image, especially if and when a compliance failure is made public, potentially
as a result of the new obligations to notify data breaches to those affected.
In Singapore, 20 percent surveyed fear that negative media or social coverage
could cause their organization to lose customers, slightly above the global
average of 19 percent. An additional one in ten (10%), similar to the global
average of 12 percent, are very concerned that their brand would be de-valued
as a result of negative coverage.
Lack of Technology Hindering GDPR Compliance
The research also shows
that many companies appear to be facing serious challenges in understanding
what data they have, where that data is located, and its relevance to the
business – a critical first step in the GDPR compliance journey. Key findings
reveal that many companies are struggling to solve these challenges because
they lack the proper technology to address compliance regulations.
that many companies appear to be facing serious challenges in understanding
what data they have, where that data is located, and its relevance to the
business – a critical first step in the GDPR compliance journey. Key findings
reveal that many companies are struggling to solve these challenges because
they lack the proper technology to address compliance regulations.
Following
the global average of 32 percent, one third (34%) of local respondents are
fearful their current technology stack is unable to manage their data
effectively, something that could hinder their ability to search, discover and
review data – all of which are essential criteria for GDPR compliance.
the global average of 32 percent, one third (34%) of local respondents are
fearful their current technology stack is unable to manage their data
effectively, something that could hinder their ability to search, discover and
review data – all of which are essential criteria for GDPR compliance.
In
addition, 42 percent of local respondents say their organization cannot accurately
identify and locate relevant data. This is another critical competency as the
regulation mandates that, when requested, businesses must be able to provide
individuals with a copy of their data, or delete it, within a 30 day time
frame.
addition, 42 percent of local respondents say their organization cannot accurately
identify and locate relevant data. This is another critical competency as the
regulation mandates that, when requested, businesses must be able to provide
individuals with a copy of their data, or delete it, within a 30 day time
frame.
There
is also widespread concern about data retention. In Singapore, more than 40
percent (43%) of organizations admitted that there is no mechanism in place to
determine which data should be saved or deleted based on its value. Under GDPR,
companies can retain personal data if it is still being used for the purpose
that was notified to the individual concerned when the data was collected, but
must delete personal data when it is no longer needed for that
purpose.
is also widespread concern about data retention. In Singapore, more than 40
percent (43%) of organizations admitted that there is no mechanism in place to
determine which data should be saved or deleted based on its value. Under GDPR,
companies can retain personal data if it is still being used for the purpose
that was notified to the individual concerned when the data was collected, but
must delete personal data when it is no longer needed for that
purpose.
Investing in GDPR Compliance
Veritas’ research found that less than one
fifth (18%) of local respondents believe their organization is GDPR ready. For
those working towards compliance, seven figure investments are the norm. On
average, local firms are forecasting spending in excess of USD1.55 million (or
SGD2.2 million) on GDPR readiness initiatives.
fifth (18%) of local respondents believe their organization is GDPR ready. For
those working towards compliance, seven figure investments are the norm. On
average, local firms are forecasting spending in excess of USD1.55 million (or
SGD2.2 million) on GDPR readiness initiatives.
Potential Compliance Challenges Globally
Many businesses around the world have a long
way to go towards GDPR compliance.
way to go towards GDPR compliance.
· Lack
of GDPR Readiness: The research highlights that
several countries are way behind their global counterparts in terms of GDPR
readiness. Singapore, Japan and the Republic of Korea came in last place in the
survey on this topic. 56 percent of respondents in Singapore fear they will be
unable to meet the regulatory deadlines. The situation is worse in Japan and
the Republic of Korea, where that percentage is greater than 60 percent.
of GDPR Readiness: The research highlights that
several countries are way behind their global counterparts in terms of GDPR
readiness. Singapore, Japan and the Republic of Korea came in last place in the
survey on this topic. 56 percent of respondents in Singapore fear they will be
unable to meet the regulatory deadlines. The situation is worse in Japan and
the Republic of Korea, where that percentage is greater than 60 percent.
· Fear
of Going Out of Business: When it comes to fears of
going out of business as a result of compliance issues, the concerns are
greatest in the U.S. and Australia. Nearly 25 percent of respondents in both
countries fear that non-compliance could threaten the very existence of their
organizations, as compared to Singapore, which sits at 20 percent.
of Going Out of Business: When it comes to fears of
going out of business as a result of compliance issues, the concerns are
greatest in the U.S. and Australia. Nearly 25 percent of respondents in both
countries fear that non-compliance could threaten the very existence of their
organizations, as compared to Singapore, which sits at 20 percent.
· Concerns
About Layoffs: Likewise, respondents in the United States and Australia
are also the most concerned that penalties from GDPR non-compliance could lead
to layoffs. 26 percent of respondents in the U.S. expressed concern about
potential workforce reductions, and that number climbs to nearly 30 percent in
Australia. This was also the number one concern in the Republic of Korea, where
23 percent of respondents stated they fear layoffs are a distinct possibility.
In Singapore nearly one in five (19%) respondents share similar sentiments.
About Layoffs: Likewise, respondents in the United States and Australia
are also the most concerned that penalties from GDPR non-compliance could lead
to layoffs. 26 percent of respondents in the U.S. expressed concern about
potential workforce reductions, and that number climbs to nearly 30 percent in
Australia. This was also the number one concern in the Republic of Korea, where
23 percent of respondents stated they fear layoffs are a distinct possibility.
In Singapore nearly one in five (19%) respondents share similar sentiments.
· Worry
of Brand Damage: In Asia Pacific, businesses
appear to be very worried about the impact a compliance failure could have on
their brand reputation. 20 percent of respondents in Singapore fear they could
lose customers because of negative media and social coverage. The number is
slightly higher in Japan and the Republic of Korea, sitting at 21 percent.
of Brand Damage: In Asia Pacific, businesses
appear to be very worried about the impact a compliance failure could have on
their brand reputation. 20 percent of respondents in Singapore fear they could
lose customers because of negative media and social coverage. The number is
slightly higher in Japan and the Republic of Korea, sitting at 21 percent.
“There is just over a year to go before GDPR
comes into force, yet the ‘out of sight, out of mind’ mentality still exists in
organizations around the world. It doesn’t matter if you’re based in the EU or
not, if your organization does business in the region, the regulation applies
to you,” said Mike Palmer, executive vice president and chief product officer
at Veritas. “A sensible next step would be to seek an advisory service that can
check the level of readiness and build a strategy that ensures compliance. A
failure to react now puts jobs, brand reputation and the livelihood of
businesses in jeopardy.”
comes into force, yet the ‘out of sight, out of mind’ mentality still exists in
organizations around the world. It doesn’t matter if you’re based in the EU or
not, if your organization does business in the region, the regulation applies
to you,” said Mike Palmer, executive vice president and chief product officer
at Veritas. “A sensible next step would be to seek an advisory service that can
check the level of readiness and build a strategy that ensures compliance. A
failure to react now puts jobs, brand reputation and the livelihood of
businesses in jeopardy.”
For information on how organizations can
become GDPR compliant visit our website or click here to
register for our upcoming GDPR Webinar with IDC and William Fry on April 25,
2017 at 8am PDT.
become GDPR compliant visit our website or click here to
register for our upcoming GDPR Webinar with IDC and William Fry on April 25,
2017 at 8am PDT.
Detailed information on the report and the full
infographic can be found at: https://www.veritas.com/content/dam/Veritas/docs/infographics/gdpr-infographic-en.pdf
infographic can be found at: https://www.veritas.com/content/dam/Veritas/docs/infographics/gdpr-infographic-en.pdf
Research Methodology
Veritas commissioned independent technology
market research specialist Vanson Bourne to undertake the research.
market research specialist Vanson Bourne to undertake the research.
A total of 900 business decision makers were
interviewed in February and March 2017 across the US, the UK, France, Germany,
Australia, Singapore, Japan and the Republic of Korea. The respondents were
from organizations with at least 1,000 employees, and could be from any sector.
To qualify for the research, respondents had to be from organizations which do
at least some business within the EU and therefore hold personal data on EU
residents.
interviewed in February and March 2017 across the US, the UK, France, Germany,
Australia, Singapore, Japan and the Republic of Korea. The respondents were
from organizations with at least 1,000 employees, and could be from any sector.
To qualify for the research, respondents had to be from organizations which do
at least some business within the EU and therefore hold personal data on EU
residents.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
