Most US Firms Not Ready to Comply With New European Data Privacy Laws
Most U.S. businesses with European customers are not prepared to comply with the recently approved European Union General Data Protection Regulation (GDPR), which includes a “right to be forgotten” (the right to have personal data erased on request), data anonymization requirements and customer consent mandates, according to a new report from research firm Vanson Bourne.
A survey of 400 CIOs at large companies across vertical markets in the U.S. and Europe, sponsored by mainframe software vendor Compuware, showed that more than half (52%) of U.S. companies have personally identifiable information (PII) on EU customers but only 33% have plans in place to comply with the GDPR.
A majority of these companies (78%) admit it is sometimes difficult to know exactly where all of their customer data resides. U.S. companies that do not fully comply by the May 2018 deadline (the GDPR applies from May 25, 2018) will face fines from EU data protection authorities, as well as possible lawsuits from EU citizens or organizations, the report noted.
“This isn’t necessarily the burden Y2K was, but many U.S. companies with international customers are in for major overhauls of their data systems prior to the May 2018 deadline,” said Chris O’Malley, Compuware CEO. “The ‘right to be forgotten’ provision could be particularly problematic, as it requires companies to fully delete every instance of a customer’s personal info upon request.”
About eight in 10 of the CIOs surveyed said they are concerned about how the regulation will limit their ability to use customer data. The collection of this data is big business, and the new rules could hamper a company’s ability to leverage that information for targeted marketing purposes, the report said.