The first major issue many IT organizations will confront in the new year is the need to comply with the General Data Protection Rule (GDPR) that goes into effect in the European Union (EU) in 142 days.
Scheduled to go into effect on May 25, GDPR gives consumers in the EU the right to know what data any organization possesses about them and, if they so desire, to require that organization to erase that data. Failure to comply can result in fines that can range as high as 4 percent of global revenues.
Consumer awareness of GDPR
A new survey of 7,000 consumers in the EU conducted by Pegasystems, a provider of customer relationship management (CRM) software, finds that 79 percent of the respondents are unaware of GDPR. That suggests it might be a while before many consumers exercise their new-found rights. But once informed of what GDPR entails, a full 82 percent of the respondents said they would exercise those rights.
Specifically, 93 percent said they would force an organization to erase their personal data if they weren’t comfortable with how they thought companies were using it. The top issue cited for becoming uncomfortable with how personal data was being employed is discovering an organization had sold their personal data to another entity (45 percent).
Most consumers are content to allow organizations store basic data about them, such as their name and email addresses. But, far fewer approve of more detailed data being stored. Only 4 percent approve of organizations holding information gathered by third-party organizations. Just 5 percent approve of real-time location data being gathered, and only 7 percent approve of tracking of social media activities. Also receiving low marks are credit history (9 percent) and income (10 percent). Even storing order histories only garnered support from 44 percent of the respondents.
GDPR challenges and opportunities
The Pegasystems report notes that without access to that data many of the efforts organizations have under way to improve customer service will likely be hampered unless a customer specifically approves them. In addition, Pegasystems also predicts that efforts to leverage large amounts of data to train artificial intelligence applications on how to improve customer service and, by extension, increase sales will be much less effective.
There is some doubt over how feasible it will be for the EU to enforce GDPR in the digital business age. But, the Pegasystems survey finds that consumers in Italy, Spain, and France are the most likely to invoke their GDPR rights. The GDPR challenge and opportunity facing managed service providers is that many customers will become increasingly desperate to achieve GDPR compliance in the next five months. That means demand for data management expertise provided by MSPs is likely to spike in the weeks ahead. The Cloud Security Alliance (CSA) recently published a guide on what’s required for organizations to achieve compliance with GDPR. But, it’s already clear many organizations will miss the deadline.
The true test of any organization’s ability to achieve GDPR compliance may not come until months after the GDPR deadline, though. All it takes is for one customer to get irritated enough to lodge a GDPR complaint. Once that complaint gets lodged, lawyers will employ every means possible to challenge the data management capabilities of MSPs that may even need to hire their own counsel. Whatever the outcome, the cost of managing data in the EU is about to become a whole lot higher.
Photo: Ivan Marc/Shutterstock.com