Commentary

Anarchy In The UK: Studies Show Firms Are Not Ready For GDPR

Are companies ready for the EU’s General Data Protection Regulation (GDPR)? They’re not, judging by a passel of reports from the UK.

While 95% of UK business leaders know they have to comply, most don’t have a clue what personally identifiable information (PII) is, according to a study by Trend Micro.

For example, 42% don’t realize that email marketing databases constitute PII, and 21% have the same lack of awareness about email addresses. And 64% don’t know that the birth date also falls under that heading.

What’s the problem? That “this data provides hackers with all they need to commit identity theft, and any business that is not properly protecting this information is at risk of a penalty fine,” Trend Micro says, according to Channel Partners.

Meanwhile, half of UK employees don’t think their company is ready for the GDPR, Storage Made Easy found in a survey of 200 individuals. Finally, Citrix has determined that companies face several technical challenges in complying with GDPR.  

One is data sprawl. The average large UK business uses 24 systems to store personal data, and 21% deploy over 40 systems, Citrix found in a survey of 500 IT leaders.

Another is information overload. Large UK businesses collect personal data from 577 individuals per day, and 26% gather it on 1,000 people. Over half store this data for over a year, and a quarter do so for five years. And a small number of firms never use it.

Then there is the issue of data ownership. Only 27% believe data is owned by the customer, and half think the company owns it.

Clearly, the philosophical foundation of GDPR is that the customer owns this data, or should control it.   

Need we remind you, the GDPR takes effect next May 25. And UK businesses have to comply, Brexit notwithstanding. 

Although these are all UK studies, they have significance for the United States. If you’re doing business in Europe, you risk staggering fines for non-compliance — up to 4% of your turnover.  

This could be hard on the likes of Facebook, one source notes. And it could be an obstacle for programmatic advertisers.

“I cannot see how programmatic can ever be GDPR-compliant unless it is limited to a small number of organizations, rather like a prospect pool,” Ad Exchanger writes. “The GDPR will require advertisers to obtain active consent from customers, which will involve them specifically opting in to, rather than out of, a deal.”

And don’t think the data owner will escape responsibility by using a U.S. service provider — both firms will take the hit if there’s a problem, the reports state.

You may argue that the U.S. does not share these ideas about privacy. But it does in one sense. In European jargon, it all comes down to a basic right.

The right to be left alone.
