EU’s GDPR Data Protection Regulations Bring Challenges, Opportunities

ABSTRACT: With data protection and data privacy becoming more of a concern, jurisdictions around the world are beginning to enforce data protection regulations. Among the most stringent set of regulations is the European Union’s General Data Protection Regulation (GDPR), which will be enforced starting on May 25, 2018. According to McAfee’s Beyond the General Data Protection Regulation report, data protection regulations represent both an opportunity and a challenge for organizations. The 20-page report is based on insights from a survey of 800 senior business decision-makers from eight countries. Among the key findings in the report is that up to 48 percent of organizations will consider migrating data to a new location due to data protection regulations. In this slide show, eWEEK looks at some of the highlights of McAfee’s report.

Forty-eight percent of surveyed organizations said that, due to the upcoming enforcement of GDPR, they will migrate data to a new location.

While there are costs associated with data protection, it’s also seen as a way to gain new customers. Seventy-four percent of survey respondents agreed with the statement, “Organizations are using data protection to attract new customers.”

The EU’s General Data Protection Regulation is a complex set of rules and requirements for data protection and breach reporting. In response to the survey question, “To what extent does your organization understand what the GDPR means to them?” 44 percent said they had complete understanding, while 41 percent reported they had a “good” understanding of GDPR.

Becoming GDPR-compliant is not a simple task, and organizations are spending an average of approximately two years preparing for the data protection regulation, according to the survey.

One of the requirements of GDPR is that organizations report any breach within 72 hours. Currently, however, only 23 percent of respondents said they could report a breach within three days. The average response time across the survey base is 11 days.

GDPR requires that organizations have a data protection officer on staff. According to the survey, 50 percent of organizations already have a data protection officer, with 31 percent of organizations planning to hire one within the next year.

When looking to achieve data protection compliance, 38 percent of organizations reported that they would pass data controller responsibility to their cloud service provider.