
U.S. Companies Need To Brace Themselves For A Flood Of EU Data Demands



With the European Union’s General Data Protection Regulation (GDPR) due to come into force in a couple of weeks' time, many non-EU companies may be in for a shock.

A new survey from cloud data management firm Veritas indicates that as many as two thirds of Brits will be looking to ask what data a company holds on them, with a whacking seven in ten saying they want some or all of their data deleted.


And with organizations required to comply within one month of each request, this could mean a very hefty administrative burden.


"This means having the ability to see, protect and access all of the personal data they hold regardless of where it sits within their organization," says Mike Palmer, executive vice president and chief product officer at Veritas.


"Businesses that fail to recognize the importance of responding effectively and efficiently to personal data requests will be putting their brand loyalty and reputation at stake."


The businesses that need to worry most, says Veritas, are those in the financial services sector, including banks and insurance companies; more than half of survey respondents said they planned to put in a request of some sort.


Next - unsurprisingly, given recent scandals - are social media companies, with nearly half of European customers saying they planned to ask for their personal data to be shared or deleted.


But retailers and healthcare providers should also be bracing themselves, as should anybody that's ever hired or currently employs a European.


And a recent survey from technology association CompTIA indicates that many US companies are woefully unprepared. Only 13 percent of the 400 organizations surveyed said they were fully compliant, with 23 percent reporting being 'mostly' compliant, and 12 percent 'somewhat' compliant.


"Confusion about the regulations remains a significant problem for many companies," says Todd Thibodeaux, CompTIA president and CEO.


"Only one in four respondents claim to be very familiar with GDPR. Some believe it applies primarily to companies in the EU; others, only to large multinational corporations. Alarmingly, three in ten companies believe GDPR does not go into effect until the end of 2018."


The penalties for non-compliance are severe: fines of up to four percent of turnover or €20 million ($24 million), whichever is the greater. And while it's not clear exactly how the EU intends to enforce the regulation on non-EU companies, the US and the EU have entered into a binding Mutual Legal Assistance Agreement (MLAA), meaning that companies that fail to comply could be falling foul of the US authorities too.


The good news is that the regulators are likely to be pretty tolerant except in the most egregious of cases. However, if European citizens really do make data requests on the scale they say they are going to (and it is, of course, a big 'if') then compliance could be much harder than most organizations are expecting.



My email is full of emails about EU data TOS changes. I guess it's good, the delete me off all orgs I have signed up with over the years.



This topic is now archived and is closed to further replies.
