Cloud Countdown to GDPR: Can Businesses Handle the Pressure?
The General Data Protection Regulation is set to be finalized by the end of the year, and it impacts all global organisations doing business in Europe.
15 December 2015
The General Data Protection Regulation (GDPR) is set to be finalized imminently, and it impacts all global organisations doing business in Europe. Like any new regulation, it puts many compliance demands on the table, most of which will require a new look at, and if necessary an overhaul of, existing information governance processes within global businesses. For serious data breaches, the fines are set to be up to 2% of global revenue, which could mean billion-dollar fines for some of the world’s highest-profile companies. So, as regulations go, it is in the ‘heavyweight’ category.
With the above in mind, Intralinks commissioned global analyst house Ovum to explore how “ready” global businesses are for the GDPR. According to the results of the commissioned research, 66% of global companies will review their business strategies in some European countries in light of the upcoming GDPR. Underpinning this rationale are cost and practicality: 68% of respondents claim the new regulation will dramatically increase the costs of doing business in Europe, and over 50% feel they won’t be able to fulfill the requirements set out by the European Union (EU).
The negativity doesn’t stop there. Over half of respondents (52%) said they thought the GDPR will result in fines for their businesses, with respondents in Europe demonstrating a similar level of pessimism to those outside of Europe: 53% of UK respondents, 62% of German respondents and 58% of US respondents all believe they will be fined. Companies in the US will also be put at a disadvantage that goes beyond perception alone. 63% of respondents believe the proposed GDPR will make it harder for American companies to compete in Europe, and 70% think the new legislation will favour businesses based in Europe.
Interestingly, despite the overall pessimism surrounding GDPR, respondents still intend to use the following technology environments to store regulated and sensitive data by mid-2018: Internet of Things implementations (66%), Mobile Applications (70%), Infrastructure as a Service (73%), Platform as a Service (70%) and Software as a Service (78%). This suggests that global companies will migrate to cloud-based environments regardless of regulations; however, the associated costs will cause dramatic reviews of European operations for many global companies.
So, it is clear that businesses are worried. But what can they do about it? Organizations need options that help them react to a rapidly changing regulatory environment; there is no “one size fits all” answer when it comes to compliance. Instead, businesses need to educate their workforce, conduct privacy risk assessments and introduce governance procedures and technology to cater for the new demands. Experienced and savvy vendors are prepared to add consistency and advice in what will prove to be an inconsistent and complex procedure from country to country. Fines are not inevitable if you plan ahead.
Deema Freij is SVP, Deputy General Counsel and Global Privacy Officer, based in Intralinks’ London office. Deema oversees global data governance within the company and is responsible for further strengthening the company’s worldwide focus on data privacy and the regulatory demands placed on its customers. Deema brings almost two decades of experience in the legal profession. Prior to joining Intralinks in 2011 as Legal Counsel, EMEA & APAC, she spent seven years as a legal consultant.