86% of organisations worldwide are concerned that a failure to adhere to the upcoming General Data Protection Regulation (GDPR) could have a major negative impact on their business, according to research commissioned by Veritas. On 25 May 2018, the European Union will enact the GDPR, which will impact virtually any company that does business within the EU and holds personally identifiable information (personal data) on EU residents.
Almost half (47%) of organisations are afraid they won’t meet the requirements of the legislation, and many have critical concerns about what that could mean for their employees and their company as a whole. The stakes are high, as non-compliance could mean fines as high as €20 million ($21.5m), or 4% of annual revenue, whichever is greater.
So, what are the biggest concerns about the potential fallout from one's organisation not being in compliance with the GDPR? The survey reveals that 21% are worried about potential layoffs, since staff layoffs might be an inevitable way to counter financial penalties. Even worse, 18% think non-compliance may even put their organisation out of business.
Another concern is the effect on brand image; 19% fear that negative media or social coverage could lead to customer churn. 12% believe such publicity might devalue brands. There is also the fear of losing market share, as prospects will think competitors are better stewards of data than those that have been accused of data non-compliance.
A small minority (7%) have no concerns and are confident of compliance. 4% have no concerns about the potential fallout from not being in compliance with the GDPR.
Another observation from the survey was that organisations are not well equipped with the technologies required for compliance. 32% of respondents are worried their organisation doesn’t have the necessary technology to manage data effectively. 39% of respondents fear their organisation isn’t able to accurately identify and locate data. 42% of organisations report that they do not have a way to determine which data should be saved.
It’s imperative that organisations around the world take immediate steps to achieve compliance. “GDPR requires greater oversight of where and how personal data—including credit card, banking and health information—is stored and transferred, and how access to it is policed and audited by organisations. Businesses operating in Europe or targeting European customers now have twelve months to implement the guidelines outlined in the regulation,” said Johnny Karam, vice president Emerging Market, Veritas.