Many Australian organisations are unprepared to comply with the EU's General Data Protection Regulation that comes into force in a little more than a year, a study by data management company Veritas Technologies claims.
The study, carried out by Vanson Bourne for Veritas, questioned 900 business decision-makers in February and March across the US, the UK, France, Germany, Australia, Singapore, Japan and South Korea.
In Australia, 88% of those interviewed said they were worried that failure to comply with the GDPR would negatively affect their businesses.
And 23% were apprehensive that non-compliance would force them to shut shop.
The GDPR aims to harmonise governance of information that relates to individuals across the EU and calls for greater oversight of where and how personal data — including credit card, banking and health information — is stored and transferred, and how access to it is policed and audited by organisations.
The regulations will extend globally, affecting any company that offers goods or services to EU residents, or monitors their behaviour, for example, by tracking their buying habits.
Other Australian-specific findings:
- Less than 30% believed their organisation was compliant;
- About 46% have expressed concerns that they will not meet the compliance deadline;
- More than 1 in 4 (29%) were worried about potential lay-offs due to high financial penalties (up to €20 million or 4% of annual turnover);
- About 30% were fearful their current technology stack was unable to manage their data effectively;
- About 39% said their organisation could not accurately identify and locate relevant data; and
- About 42% admitted there was no mechanism in place to determine which data should be saved or deleted based on its value.
The study found that globally many businesses had a long way to go before they were GDPR-compliant.
The study found that several countries were way behind their global counterparts in terms of GDPR readiness. Singapore, Japan and South Korea were last in the survey on this topic, with 56% of respondents in Singapore fearing they would be unable to meet the deadline. In Japan and South Korea this figure was 60%.
Fears of going out of business were greatest in the US and Australia. Nearly 25% of respondents in both countries feared non-compliance could lead to closure.
Similarly, respondents in the US (26%) and Australia (30%) were also the most concerned that penalties from GDPR non-compliance could lead to layoffs. In South Korea, the figure was 23%.
In the Asia Pacific region, businesses were worried about a compliance failure affecting the reputation of their brands.
“There is just over a year to go before GDPR comes into force, yet the ‘out of sight, out of mind’ mentality still exists in organisations around the world. It doesn’t matter if you’re based in the EU or not, if your organisation does business in the region, the regulation applies to you,” said Mike Palmer, executive vice-president and chief product officer, Veritas.
“A sensible next step would be to seek an advisory service that can check the level of readiness and build a strategy that ensures compliance. A failure to react now puts jobs, brand reputation and the livelihood of businesses in jeopardy.”
Graphic: courtesy Veritas Technologies.