With the European Union’s General Data Protection Regulation, or GDPR, going into effect on May 25, companies are beginning to prepare for new data regulations in the face of a number of challenges.
Created by the European Council and the European Parliament, the upcoming rules will limit the amount of data that companies can collect about consumers. While EU consumers will gain more control over what information is forked over to companies, businesses will be more liable for collecting data and will have to clearly explain why they need to collect consumers’ data. The regulations will force brands to start from scratch with their data-collection processes, and they will not be able to use previously stored information that was incorrectly collected.
To dig into the issue a bit more, TrustArc and the International Association of Privacy Professionals, or IAPP, surveyed almost 500 privacy professionals to gauge the risks of noncompliance with various elements of the GDPR.
According to a new report, U.S. companies are more prepared for GDPR Day than European corporations, with 84 percent of U.S. respondents expecting to be GDPR-compliant by May 2. Conversely, more than one in four European professionals said they won’t be ready by GDPR Day. According to respondents from the EU, an inadequate budget is the biggest barrier they face, while U.S. respondents said legal complications will make compliance more difficult.
Respondents overall said failing to be prepared for a data breach is the greatest noncompliance risk, followed by data inventory and mapping. For U.S. respondents, failures associated with international data transfers ranked as the greatest noncompliance risk.
“Investing in training” was the No. 1 risk-mitigation choice overall, followed by investing in technology.