- GDPR awareness has grown from a trickle to a river, and companies around the world are paying attention to its costs. More than one-third of businesses acknowledge that GDPR is an existential threat, and around half of organizations recognize its potential for reputational damage and revenue loss, according to a NetApp survey of more than 1,100 CIOs, C-suite and IT managers across the U.S., U.K., France and Germany.
- Despite recognizing costs of noncompliance, only 40% of global businesses know where their service providers' data centers are located and where data is stored. In the U.S., this number rises to more than 50%.
- With six weeks left to go before the EU's data protection regulation takes effect, 67% of businesses expect to be compliant in time. Businesses dragging their heels to implement a holistic data protection plan are missing out on a transformation that will reduce risk, improve efficiency and create a data-centric business model, according to the report.
Even over the last six months, the number of companies aware of GDPR and actively working to become compliant has grown significantly. Plenty of stragglers and defiers remain, but for the most part businesses are invested. But what happens when not everybody buys into the system?
Ignorance of a partner's noncompliance will not save a company from the 4% fines of global annual turnover, so contractual pressures will make it difficult for businesses to opt out of GDPR without opting out of the digital ecosystem.
In light of many data scandals and breaches, having a thorough data protection plan is also increasingly important to customers, investors and consumers. And if your business doesn't know which providers hold its data or where their data centers are, that might be the first order of business.
Even the U.S., which has pointedly stood apart from its European brethren since 1776, has taken notice. At Mark Zuckerberg's testimony before the Senate and House this week, elected officials brought up the EU's upcoming regulation many times.
Interest in domestic data protection regulation is growing, but final resolution, if it is reached, has several hurdles to clear.