One Year to Go: Some Progress Made, But Many Large U.S. Firms Still Not Ready for May 2018 European Data Mandates
Survey: 94 percent Possess EU Customer Data, But Only 60 percent Have Detailed Plans in Place for GDPR Compliance
DETROIT—May 18, 2017 – With one year to go before the May 25, 2018 EU General Data Protection Regulations (GDPR) deadline, many U.S. businesses with European customers are not fully prepared to comply with the new laws, which include “Right to be Forgotten” customer consent mandates and regulations on how customer data is handled. U.S. companies will face hefty fines or lawsuits if they don’t fully comply.
A new survey, the second in a series sponsored by Compuware Corporation, shows progress with 88 percent of U.S. large-company CIOs saying they are well-briefed on the impending laws, up from 73 percent, when asked the same question last year. However, only 60 percent have detailed plans in place to address the new laws’ requirements. This is up from 33 percent from last year’s survey, but suggests there is still significant work ahead.
94 percent of the large U.S. company CIOs surveyed say their companies have personally identifiable information (PII) on EU customers, making the new mandates applicable to them.
Particularly challenging is the mandate to obtain customer permission to use PII in application testing, a critical part of software development. 55 percent of U.S. firms have a plan in place to address this, but nearly one-third say they don’t fully understand the impact of this ruling.
The data complexity of modern systems is also an issue, as 85 percent admit it’s sometimes difficult to know exactly where all their customer data resides, an increase from last year’s survey with 78 percent then admitting that difficulty.
“U.S. organizations are heading in the right direction on GDPR compliance, but there is still work to be done to improve data governance capabilities,” said Chris O’Malley, CEO of Compuware. “Manual processes that are used to locate and protect customer data must be replaced with automated capabilities that enable businesses to quickly, accurately and visually manage data privatization and protection.”
The findings also reveal U.S. organizations are better prepared for the GDPR than their European counterparts. Compared to the 60 percent of U.S. companies saying they have detailed and far-reaching plans in place, only 19 percent of UK companies have such plans prepared, a modest improvement of only one percent since last year.
U.S. respondents ranked their biggest GDPR compliance hurdles to overcome as follows:
- Design and implementation of internal processes (65 percent)
- Securing customer consent to use their personal data and handling the process of data withdrawal if requested by the customer (64 percent)
- Ensuring data quality (52 percent)
- Cost of implementation (43 percent)
- Data complexity (41 percent)
Conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies across vertical markets in both the U.S. and Europe. The above results represent U.S. respondents only.
This survey, conducted in April 2017, was a follow up to a similar survey conducted in 2016. Review the results and analysis of the 2016 GDPR research here: http://hubs.ly/H07qN5W0
Compuware empowers the world’s largest companies to excel in the digital economy by fully leveraging their high-value mainframe investments. We do this by delivering highly innovative solutions that uniquely enable IT professionals with mainstream skills to manage mainframe applications, data, and platform operations. Learn more at compuware.com.
Follow us on:
# # #
For Sales and Marketing Information
Compuware Corporation, One Campus Martius, Detroit MI 48226, 800-521-9353, www.compuware.com
Copyright © 2017, Compuware Corporation. All rights reserved. The Compuware products and services listed within this release are trademarks or registered trademarks of Compuware Corporation.