Survey Says — You’re Probably Not Prepared for the EU GDPR – posted by Gigya

Dell recently dropped a bomb on the digital business community (read: the business community) in the form of a press release and report based on a survey commissioned by Dell. The goal of the survey was to assess organisations’ preparedness for the European General Data Protection Regulation (EU GDPR), set to take effect in May 2018.

821 qualified IT executives and managers responded to the survey and their answers were cause for alarm, to put it mildly. The EU GDPR is broad-based, comprehensive and has real teeth compared to existing data privacy and protection standards, with fines for noncompliance topping tens of millions of dollars for large enterprise offenders. It also affects businesses globally, despite being a European measure, since it applies equally to all businesses with EU-based customers, no matter where those businesses are based.

What You Don’t Know WILL Hurt You

Despite the complexity of the new laws, and the grave consequences of not meeting their requirements, the results of Dell’s survey reveal that businesses are simply not prepared for the EU GDPR. Indeed, many are not even aware of its general structure or principles. For example:

  • More than 80 percent of global respondents know few details or nothing about the EU GDPR
  • Less than one in three companies feel they are prepared for the EU GDPR today
  • 97 percent of companies don’t have a plan to be ready for the EU GDPR
  • Only nine percent of IT and business professionals are confident they will be fully ready for the GDPR

Cybersecurity heavyweight Symantec also commissioned an EU GDPR survey, this one based entirely in Europe. The results were strikingly similar to Dell’s, with some interesting highlights, including the fact that only 1 in 5 respondents believe that it is even possible to become fully compliant with the GDPR, while 49 percent presume that some company departments will achieve compliance and others will not.

Dell notes that implementing best practices can help successfully tackle the new requirements, listing some recommendations to that end. These include hiring a data protection officer to ensure that businesses stay current with, implement and enforce the latest privacy laws. They also recommend firming up access governance and control management for applications across the stack, and implementing bigger, badder firewalls to protect the perimeter of business or government networks.

Beyond the Back Office

Dell’s software primarily serves business users, and their survey guide illustrates the importance of meeting EU GDPR requirements for companies’ employee-facing systems. In this context, data security is the focus, with preparation mainly recommended around functions such as email security, management for access and privileged accounts, and stronger company firewalls. But employee-facing system security requirements are just the tip of the iceberg. Many of the trickiest aspects of EU GDPR compliance have to do with users outside of the firewall, in other words: customers.

Increasingly, consumer-facing enterprises leverage multi-tiered, cloud-enabled tech stacks that use consumers’ personal data as the primary fuel for marketing, sales or service efforts. While IT, S&R, Legal and other security stakeholders should consider their security posture, the entire enterprise leadership team must consider the EU GDPR’s stringent requirements for data privacy. These requirements are framed by the concept of “Privacy by Design” in the EU GDPR, with foundational principles such as making privacy the default setting, embedding privacy into overall design, and delivering visibility and transparency throughout the user experience.

Play it Safe: Put Identity Front & Center

So where does Gigya fit in? Our platform acts as an enabler for data privacy and regulatory compliance by helping brands establish and grow identity-driven relationships with their customers. Clients who implement our Customer Identity Management platform, besides optimising their customers’ experience, are also solving specific pain points around key areas of the EU GDPR’s requirements for consumer data privacy. From consent management and user data control to anti-spam, social network and disability compliance, our end-to-end, identity-based platform was designed to ensure consumer privacy and provide a transparent and flexible customer experience.

To learn more about the ramifications of the EU GDPR for managing customers’ digital identities, download this free white paper from EU-based tech analysts KuppingerCole.