
US retailers might not be prepared to comply with EU General Data Protection

Tuesday 20 September 2016 14:05 CET | News

US retailers are said not to be fully literate in handling customer data and might be unprepared for the agreed EU General Data Protection Regulation (GDPR), according to a new report.

Compuware administered a survey on GDPR preparedness to 79 CIOs at large retail, distribution or transportation companies in France, Germany, Italy, Spain, the UK and the US, e-commercefacts.com reports.

The resulting findings and report, “Underprepared for the GDPR?”, indicate that as many as 77% of businesses don’t yet know how they will respond to the new EU GDPR, while less than half (47%) are well briefed on the regulation and how it will affect the way customer data should be handled.

The EU GDPR was adopted in April 2016 to unify previously fragmented mandates that protect the use of EU citizens’ Personally Identifiable Information (PII) and their “right to be forgotten.”

Any company with European customer data, regardless of its country of origin, must demonstrate its ability to remove every instance of customers’ PII across all systems or platforms at the customer’s request. The GDPR also demands customer data used in processes like application testing be masked to protect identities, even data shared with outsourcers, developers and testers.

GDPR is now being transposed into the national laws of the 28 member states, with the regulation set to come into force from April 2018. All enterprises in the EU or other countries that capture PII relating to EU citizens will be expected to comply with the new regulations. Failure to comply exposes enterprises to fines of as much as EUR 20 million or 4% of global turnover.

According to the report, some factors exacerbate the difficulty of GDPR compliance. First, retailers apparently struggle to control their data, with only 16% of retailers indicating they ask for the proper consent before using customer data and over two-thirds stating they would find it hard to comply with the EU GDPR if asked to exercise a customer’s “right to be forgotten”.

Second, as many as 71% of respondents said the complexity of modern IT services means they can’t always know where customer data is, while little more than a third (38%) of CIOs can locate all of an individual’s personal data quickly and nearly a quarter (23%) admitted they could not guarantee they would be able to do so at all.

Third, the relentless speed of digital change and expansion also makes GDPR compliance an ever-moving target, according to 53% of respondents. And finally, the report also points to retailers’ use of outsourcers (81%) and mobile technology (66%) as a factor in making it even harder to keep track of where customer data resides.

