The world's toughest privacy law will go into force in Europe 18 months from now, and so far, the strategy of many IT professionals appears to be "pretend it's not happening." That's the takeaway from a survey published today by Dell that suggests most firms are unprepared for the EU's General Data Protection Regulations.
This collection of laws (known as GDPR) passed earlier this year, and will introduce a spate of stiff compliance measures and eye-watering penalties for companies that don't take a series of steps to manage data. For instance, firms will have to:
- Hire a data protection officer
- Introduce "privacy by design" to their workflow
- Get explicit consent to use a wide variety of data
- Increase opt-out and data portability options
If they don't comply, companies face a maximum fine of 20 million euros or 4% of total revenue—whichever is greater.
According to the Dell survey, which polled 821 IT professionals across the globe, 80% said they knew little or nothing about the GDPR, while 97% said their companies didn't have a plan in place to implement the new law.
According to Michael Tweddle, a Dell executive, the survey also suggested that the IT crowd felt most confident about being able to comply with impending rules related to email security, but much less so when it came to those related to document access. (Under the GDPR, companies will have to create procedures that limit who can access shared files hosted on platforms like Dropbox or SharePoint.)
The lack of readiness described in the survey could be an ominous sign for companies, especially those outside the EU that do business with European citizens, given the recent assertiveness of privacy regulators on the continent.
Firms will, presumably, start paying more attention as the GDPR implementation date of May 2018 draws closer. And it's a safe bet corporate legal departments are tuning into the rules, even if the operations crowd is not (law firm Allen & Overy has a good briefing here).
Finally, it will be interesting to see whether politicians in Europe, where the economy is still limping, will decide to flinch and water down or defer the regulations if compliance costs prove too high.