Two-thirds of global companies will review their business strategies in European countries in light of the coming General Data Protection Regulation (GDPR), a survey has revealed.
Underpinning this is costs and practicality, with 68% of respondents claiming the new regulation will dramatically increase costs of doing business in Europe, and over 50% feeling they will not be able to fulfil the requirements set out by the EU.
Ovum, a global analyst firm, was commissioned by collaboration software as a service (SaaS) provider Intralinks to survey 366 IT decision makers across Europe, the Americas and Australasia on how prepared companies are for pending data regulations, and whether they intend to adjust cloud and business strategies.
“New regulations, such as the GDPR, are seriously worrying global businesses,” said Alan Rodger, senior analyst at Ovum.
“Different jurisdictions are imposing inconsistent and often incompatible mandates for how personally identifiable information is stored, processed and shared. This is already creating confusion and uncertainty, leaving fundamental questions unanswered, such as how to interpret data location requirements,” he said.
According to Rodger, organisations need technology options that help them react to a rapidly changing regulatory environment.
The survey revealed 52% of those polled think the GDPR will result in fines for their businesses, with respondents in Europe demonstrating a similar level of pessimism to those outside of Europe.
Fines are inevitable according to 53% of UK respondents, 62% of German respondents and 58% of US respondents, while 63% of all respondents believe the proposed GDPR will make it harder for US companies to compete in Europe, and 70% think the new legislation will favour businesses based in Europe.
“With this regulation, it is essential to balance the protection of civil liberties with creating economic growth and innovation,” said Syed Kamall, UK MEP. “Addressing the concerns which have been raised during the process is a key priority, so that we create a regulation which provides opportunity in the EU, creates a legal level playing field, and encourages consumer trust and investment,”
Meeting future data privacy regulations is expected to come at a significant cost for businesses, with more than 70% of respondents expecting an increase in spending in order to meet data sovereignty requirements, and over 30% expecting their budgets to rise by more than 10% over the next two years as a result.
Of those organisations planning to update their data privacy strategies in the next three years, 38% plan to hire experts in the subject, and 27% plan to hire a chief privacy officer.
Despite the overall pessimism surrounding GDPR and pending data privacy regulations, respondents still intend to use internet of things (IoT) implementations (66%), mobile applications (70%), infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) to store regulated and sensitive data by mid-2018.
However, the associated compliance costs are expected to cause dramatic reviews of European operations for many global companies with a presence in Europe.
“Organisations are now borderless and employees more mobile, all of which is supported by cloud computing,” said Richard Anstey, chief technology officer for Europe at Intralinks. “On the flip side, the compliance obligations arising from legislation are becoming more complex, even more so for organisations that operate across different jurisdictions – particularly in the context of how legislation applies to data stored with cloud-based services.”
“Now, more than ever before, organisations need technology options that will help them to react to a rapidly changing regulatory landscape,” he said.
The survey also found that the US is the least trusted country when it comes to respecting data privacy, and of 20 industrialised economies, it was ranked the most likely to gain unauthorised access to information by respondents, ahead of China in second place and Russia in third.
More than half (55%) of respondents said they are planning new training on the subject for employees, 51% of business will amend and adapt their data privacy policies, and 53% will adopt new technologies by way of preparation for new regulations. Only 44% of respondents currently monitor the activities of their users and provide alerts of data policy violations, only 53% classify information to align with access controls, and 47% have no policies or controls governing access to consumer cloud storage and file-sharing systems like Dropbox.
A final text for the GDPR is expected to be agreed by the end of 2015, which means it could come into force as early as 2018.