
GDPR: German companies are particularly vulnerable to warnings

Since 25 May 2018, the new General Data Protection Regulation has been implemented in Europe, with fewer warnings than previously feared. Nevertheless, German companies in particular cannot yet breathe a sigh of relief.

Temporarily shut down websites, blocked media offers and thousands of consultations with lawyers and data protection authorities: the European General Data Protection Regulation (GDPR) is unsettling companies from all sectors. Not surprisingly, with fines of up to 20 million euros, or four percent of the global sales of the previous year, its threat potential is enormous. The notorious regulation has been in force for just over two months, and according to concurring media reports, the wave of warnings that everyone fears has so far failed to materialise. So all the excitement for nothing? Not quite: especially among IT decision-makers in Germany, the uncertainty is likely to persist.

German companies meet GDPR requirements least
This is suggested by a survey by data management specialist NetApp, which involved 1,106 IT decision-makers from Germany, France, the UK and the US. It reveals that German companies are the worst prepared for the new regulation in international comparison: just before the cut-off date, only 57 percent of German respondents were able to use encryption of personal data. Compared with British (69 percent), U.S. (64 percent) and French (63 percent) companies, that is by far the lowest score. Little is likely to have changed to date. In addition, according to the survey, Germans are the least convinced that they can ensure data integrity (55 percent) and that the security measures taken can be regularly checked for effectiveness (49 percent). And with 35 percent approval, German companies are also the least able to report data breaches to the relevant supervisory authority within 72 hours. Pseudonymization of personal data is the only requirement that IT decision-makers in this country are the most likely to say they can meet (42 percent).

In international comparison, German companies are the least equipped for important GDPR requirements. (Source: NetApp)

Poor preparation leaves German companies behind
But where does this predicament of German companies come from, despite a two-year lead time? The further results of the study suggest that it is due to insufficient preparation: in spring 2018, for example, only 40 percent of German companies said that in the last 24 months external GDPR experts had been consulted and their recommendations implemented, far fewer than companies in the US (63 percent) and France (48 percent). And only a good third of German IT decision-makers say that they have introduced a GDPR strategy on the basis of an internal review during the same period or at least consulted external experts, in both cases the lowest level of approval across countries. German companies are equally restrained when it comes to investing in trained personnel (16 percent) and in IT infrastructures and data technologies (29 percent). Two percent of German IT decision-makers even admit that they have done nothing for GDPR compliance.

Despite everything: German companies see their agility less at risk
Asked about the possible negative impact of the GDPR on the agility of companies, German IT decision-makers are comparatively optimistic: while in international comparison an average of 44 percent of all respondents fear such restrictions, in Germany the figure is a below-average 39 percent. And German companies also see the agility of their IT infrastructure as less threatened by the requirements of the regulation: just over a third share this fear in this country. By comparison, in the US, it's 53 percent! In addition, Germans also fear fewer consequences for their own staff: less than a third believe that the GDPR will have a negative impact on the agility of staff trained in law and compliance. Just over a fifth expect a corresponding impact on other departments such as marketing and sales.

No question of pessimism
The idea that the results of NetApp's study are primarily due to the often invoked, pronounced pessimism of the Germans seems unconvincing. Rather, they show how much German companies still need to catch up on GDPR compliance, which is a major risk in view of the possible draconian sanctions. Although the legality of warnings may remain controversial, companies cannot continue on their previous course. Instead, IT decision-makers need to push for GDPR-compliant data management as soon as possible if they don't want to be dragged into the abyss by a possible wave of warnings.

The guest post is by Dr. Dierk Schindler, Head of EMEA Legal & Global Legal Shared Services at NetApp.

(NetApp image source)
