On October 11, Dell dropped a bombshell on the digital business community (read: the business community). The news came in the form of a press release and report detailing the results of a new survey commissioned by Dell to assess organizations’ preparedness for the European General Data Protection Regulation (GDPR), set to take effect in May 2018.
821 qualified professionals responded to the survey — the majority IT executives and managers — and their answers were, to say the least, cause for alarm. The GDPR is broad-based, comprehensive and has real teeth compared to existing data privacy and protection standards, with fines for noncompliance topping tens of millions of dollars for large enterprise offenders. It also affects businesses globally, despite being a European measure, since it applies equally to all businesses with EU-based customers, no matter where they’re based.
What You Don’t Know WILL Hurt You
Despite the complexity of the new laws, and the grave consequences of not meeting their requirements, the results of Dell’s survey reveal that businesses are simply not prepared for GDPR. Indeed, many are not even aware of its general structure or principles. For example:
- More than 80 percent of global respondents know few details or nothing about the GDPR
- Less than one in three companies feel they are prepared for the GDPR today
- 97 percent of companies don’t have a plan to be ready for the GDPR
- Only nine percent of IT and business professionals are confident they will be fully ready for the GDPR
Cybersecurity heavyweight Symantec also commissioned a GDPR survey, this one based entirely in Europe. The results were strikingly similar to Dell’s, with some interesting highlights, including the fact that only 1 in 5 respondents believe that it is even possible to become fully compliant with the GDPR, while 49 percent presume that some company departments will achieve compliance and others will not.
Dell notes that implementing best practices can help organizations tackle the new requirements, and lists some recommendations to that end. These include hiring a data protection officer to ensure that the business stays current with, implements and enforces the latest privacy laws. Dell also recommends firming up access governance and control management for applications across the stack, and deploying bigger, badder firewalls to protect the perimeter of business or government networks.
Well Beyond the Back Office
Dell’s software primarily serves business users, and their survey guide illustrates the importance of meeting GDPR requirements for companies’ employee-facing systems. In this context, data security is the focus, with preparation mainly recommended around functions such as email security, management for access and privileged accounts, and stronger company firewalls. But employee-facing system security requirements are just the tip of the iceberg. Many of the trickiest aspects of GDPR compliance have to do with users outside of the firewall, in other words: customers.
Increasingly, consumer-facing enterprises leverage multi-tiered, cloud-enabled tech stacks that use consumers’ personal data as the primary fuel for marketing, sales or service efforts. While IT, S&R, Legal and other security stakeholders should consider their security posture, the entire enterprise leadership team must consider the GDPR’s stringent requirements for data privacy. These requirements are framed by the concept of “Privacy by Design” in the GDPR, with foundational principles such as making privacy the default setting, embedding privacy into overall design, and delivering visibility and transparency throughout the user experience.
Best Bet? Put Identity Front & Center
This is where we come in. Gigya acts as an enabler for data privacy and regulatory compliance by helping brands establish and grow identity-driven relationships with their customers. Clients who implement our Customer Identity Management platform, besides optimizing their customers’ experience, are also solving specific pain points around key areas of the GDPR’s requirements for consumer data privacy. From consent management and user data control to anti-spam, social network and disability compliance, our end-to-end, identity-based platform was designed to ensure consumer privacy and provide a transparent and flexible customer experience.
To learn more about the ramifications of the GDPR for managing customers’ digital identities, download this free white paper from EU-based tech analysts KuppingerCole.
By David Kerin