Global Firms Must Gear Up for New EU Data Rules
Legislation that mandates stronger data protection will take effect in the European Union next May, affecting the way organizations collect, store, manage and protect customer data. Many European and U.S. companies doing business in the EU aren't ready to comply with the tougher rules of the EU General Data Protection Regulation (EU GDPR). That is one key finding of "EU GDPR: Countdown to Compliance," a report based on a recent survey of corporate IT professionals in five countries. Interestingly, many U.S. companies appear to be better prepared than their EU counterparts, "though they still have a long way to go," stresses Richard Stiennon, chief strategy officer of Blancco Technology Group, which conducted the study.

One rule pertains to a consumer's "right to be forgotten": basically, to have all personally identifiable information (PII) permanently deleted from an organization's records. The many enterprises that aren't sure where their customer data is stored—or that use unreliable data removal methods—will struggle to comply, the report points out. Survey respondents are also concerned about the 72-hour breach notification and the need to maintain written records of data processing activities.

Stiennon urges businesses to address these issues, observing, "American execs should have a complete picture of all the EU citizen and resident data their companies are storing and processing so they can ensure they are adequately protecting that data."