Veritas Study: Organizations Worldwide Fear Non-compliance with New European Union Data Regulation Could Put Them Out of Business
Nearly half of organizations are afraid they won’t meet the requirements of the General Data Protection Regulation; inadequate technology cited as core challenge
Mountain View, Calif., 25 April 2017 – A global study from Veritas Technologies, the leader in information management, has revealed that 86 percent of organizations worldwide are concerned that a failure to adhere to the upcoming General Data Protection Regulation (GDPR) could have a major negative impact on their business. Nearly 20 percent said they fear that non-compliance could put them out of business. This is in the face of potential fines for non-compliance as high as $21 million or four percent of annual turnover – whichever is greater.
Intended to harmonize the governance of information that relates to individuals (“personal data”) across European Union (EU) member states, the GDPR requires greater oversight of where and how personal data—including credit card, banking and health information—is stored and transferred, and how access to it is policed and audited by organizations. GDPR, which takes effect on May 25, 2018, will not only affect companies within the EU, but extend globally, impacting any company that offers goods or services to EU residents, or monitors their behavior, for example, by tracking their buying habits. The study indicates that a whopping 47 percent of organizations globally have major doubts that they will meet this impending compliance deadline.
The Veritas 2017 GDPR Report, which surveyed more than 900 senior business decision makers in 2017 across Europe, the U.S. and Asia Pacific, also found that more than 20 per cent (21%) are very worried about potential layoffs, fearing that staff reductions may be an inevitable outcome of financial penalties incurred as a result of GDPR compliance failures.
Figure 1: “What concerns you the most about the potential fallout from your organization not being in compliance with the GDPR?”
Companies are also worried about the impact non-compliance could have on their brand image, especially if and when a compliance failure is made public, potentially as a result of the new obligations to notify data breaches to those affected. Nineteen percent of those surveyed fear that negative media or social coverage could cause their organization to lose customers. An additional one in ten (12%) are very concerned that their brand would be de-valued as a result of negative coverage.
Lack of Technology Hindering GDPR Compliance
The research also shows that many companies appear to be facing serious challenges in understanding what data they have, where that data is located, and its relevance to the business – a critical first step in the GDPR compliance journey. Key findings reveal that many companies are struggling to solve these challenges because they lack the proper technology to address compliance regulations.
Almost one third (32%) of respondents are fearful their current technology stack is unable to manage their data effectively, something that could hinder their ability to search, discover and review data – all essential criteria for GDPR compliance.
In addition, 39 percent of respondents say their organization cannot accurately identify and locate relevant data. This is another critical competency, as the regulation mandates that, when requested, businesses must be able to provide individuals with a copy of their data, or delete it, within a 30-day time frame.
There is also widespread concern about data retention. More than 40 percent (42%) of organizations admitted that there is no mechanism in place to determine which data should be saved or deleted based on its value. Under GDPR, companies can retain personal data if it is still being used for the purpose that was notified to the individual concerned when the data was collected, but must delete personal data when it is no longer needed for that purpose.
Investing in GDPR Compliance
Veritas’ research found that less than one third (31%) of respondents believe their organization is GDPR ready. For those working towards compliance, seven-figure investments are the norm. On average, firms are forecasting spending in excess of $1.4m on GDPR readiness initiatives.
Potential Compliance Challenges Globally
Many businesses around the world have a long way to go towards GDPR compliance.
- Lack of GDPR Readiness: The research highlights that several countries are way behind their global counterparts in terms of GDPR readiness. Singapore, Japan and the Republic of Korea came in last place in the survey on this topic. Fifty-six percent of respondents in Singapore fear they will be unable to meet the regulatory deadlines. The situation is worse in Japan and the Republic of Korea, where that percentage is greater than 60 percent.
- Fear of Going Out of Business: When it comes to fears of going out of business as a result of compliance issues, the concerns are greatest in the U.S. and Australia. Nearly 25 percent of respondents in both countries fear that non-compliance could threaten the very existence of their organizations.
- Concerns About Layoffs: Likewise, respondents in the United States and Australia are also the most concerned that penalties from GDPR non-compliance could lead to layoffs. Twenty-six per cent of respondents in the U.S. expressed concern about potential workforce reductions, and that number climbs to nearly 30 percent in Australia. This was also the number one concern in the Republic of Korea, where 23 percent of respondents stated they fear layoffs are a distinct possibility.
- Worry of Brand Damage: In Asia Pacific, businesses appear to be very worried about the impact a compliance failure could have on their brand reputation. Twenty percent of respondents in Singapore fear they could lose customers because of negative media and social coverage. The number increases to 21% in Japan and the Republic of Korea.
“There is just over a year to go before GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organizations around the world. It doesn’t matter if you’re based in the EU or not, if your organization does business in the region, the regulation applies to you,” said Mike Palmer, executive vice president and chief product officer at Veritas. “A sensible next step would be to seek an advisory service that can check the level of readiness and build a strategy that ensures compliance. A failure to react now puts jobs, brand reputation and the livelihood of businesses in jeopardy.”
Detailed information on the report and the full infographic can be found at: https://www.veritas.com/content/dam/Veritas/docs/infographics/gdpr-infographic-en.pdf
Veritas commissioned independent technology market research specialist Vanson Bourne to undertake the research.
A total of 900 business decision makers were interviewed in February and March 2017 across the US, the UK, France, Germany, Australia, Singapore, Japan and the Republic of Korea. The respondents were from organizations with at least 1,000 employees, and could be from any sector. To qualify for the research, respondents had to be from organizations which do at least some business within the EU and therefore hold personal data on EU residents.
About Veritas Technologies
Veritas Technologies enables organizations to harness the power of their information, with information management solutions serving the world’s largest and most complex environments. Veritas works with organizations of all sizes, including 86 per cent of global Fortune 500 companies, improving data availability and revealing insights to drive competitive advantage. www.veritas.com
Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change at the sole discretion of Veritas. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Veritas, may or may not be implemented, should not be considered firm commitments by Veritas, should not be relied upon in making purchasing decisions, and may not be incorporated into any contract.
Veritas, the Veritas Logo, NetBackup, Backup Exec and Enterprise Vault are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.