European companies aren’t taking EU GDPR seriously yet

Although data protection and data privacy have been hot topics over the last couple of months, one area which has shrunk into the shadows is the EU’s General Data Protection Regulation (GDPR).

The EU GDPR is the new data protection policy which aims to strengthen and unify data protection for individuals within the European Union. It addresses not only the export of personal data outside the EU, but also how a company manages an individual’s personal information, and the amount of control that individual has over his/her personal information. By engaging in the digital economy, you will no longer be handing away the control of your data to an unnamed corporation or a number of unnamed corporations.

The regulation itself has the potential to shake up the industry, which is demonstrated in the timescales which have been given. Organizations have until May 2018 to ensure compliance under the new rules, and ensure their IT systems are able to meet the demands and requirements of the digital era.

But after having had the chance to talk to a few people at the Big Data Everywhere event in London this week, it seems this might not even be enough time.

One attendee told us that unless businesses are looking at the data which they have currently, there may not be enough time to identify where the non-compliance is and adequately correct it in time. Another highlighted that they had undertaken a data discovery project and uncovered huge amounts of personal information they didn’t even realize they were storing. A third person said their organization didn’t take into account employee data during the initial stages so had to go back to stage one. Another mentioned he wasn’t initially sure what was classified as sensitive data as there hasn’t been a huge amount of guidance from the EU, which made the auditing process a nightmare.

All in all, becoming compliant was taking a lot longer than these guys thought it would in the first place. These oversights further down the line could be disastrous considering the fines can be as much as €20 million or 4% of annual revenues (whichever is greater).

Whenever the topic of EU GDPR is brought up, there is unanimous agreement that it is critical for the industry; however, it is not top of mind. Irrespective of how big the fines are, May 2018 is a long way off in some people’s minds, and these are the people who most likely don’t appreciate how much of a task becoming compliant under GDPR will be.

Organizations control a huge amount of information nowadays and auditing this data prior to undertaking a GDPR compliance project will be a significant task in itself. This will almost certainly be the case for the telcos, whose data banks must be bursting at the seams.

EU GDPR will be a significant milestone in the EU data protection landscape, though the general feeling at Big Data Everywhere is the industry isn’t taking it seriously enough at the moment and doesn’t appreciate the scale of the challenge. Come the latter stages of 2017, the industry could see a number of panicked companies rushing towards GDPR deadline day unless things change quickly.
