
Firms Are in Denial About the EU’s Coming Privacy Law, Survey Suggests

October 11, 2016, 11:00 AM UTC

The world’s toughest privacy law will go into force in Europe 18 months from now, and so far, the strategy of many IT professionals appears to be “pretend it’s not happening.” That’s the takeaway from a survey published today by Dell that suggests most firms are unprepared for the EU’s General Data Protection Regulations.

This collection of laws (known as GDPR) passed earlier this year, and will introduce a spate of stiff compliance measures and eye-watering penalties for companies that don’t take a series of steps to manage data. For instance, firms will have to:

  • Hire a data protection officer
  • Introduce “privacy by design” to their workflow
  • Get explicit consent to use a wide variety of data
  • Increase opt-out and data portability options

If they don’t comply, companies face a maximum fine of 20 million euros or 4% of total revenue—whichever is greater.

According to the Dell survey, which polled 821 IT professionals across the globe, 80% said they knew little or nothing about the GDPR, while 97% said their companies didn’t have a plan in place to implement the new law.

According to Michael Tweddle, a Dell executive, the survey also suggested that the IT crowd felt most confident about being able to comply with impending rules related to email security, but much less so when it came to those related to document access. (Under the GDPR, companies will have to create procedures that limit who can access shared files hosted on platforms like Dropbox or SharePoint.)

The lack of readiness described in the survey could be an ominous sign for companies, especially those outside the EU that do business with European citizens, given the recent assertiveness of privacy regulators on the continent.

Firms will, presumably, start paying more attention as the GDPR implementation date of May 2018 draws closer. And it’s a safe bet corporate legal departments are tuning in to the rules, even if the operations crowd is not (law firm Allen & Overy has a good briefing here).

Finally, it will be interesting to see whether politicians in Europe, where the economy is still limping, will flinch and water down or defer the regulations if compliance costs prove too high.