More Than 90 Percent of Organizations Report the EU General Data Protection Regulation Will Impact the Way they Collect, Use and Process Personal Data
A study commissioned by CA Technologies (NASDAQ: CA) found that current application test data management practices are not adequate to meet the compliance requirements of the EU General Data Protection Regulation (GDPR). In fact, only 31 percent of respondents believed that their organizations’ current testing practices fully comply with the GDPR, which will affect any business that handles European personal data.
“With businesses across all industries increasingly expanding their global presence, the impact of new regulations such as the GDPR is going to be felt more quickly and intensely than many realize,” said Jeff Scheaffer, general manager, Continuous Delivery, CA Technologies. “GDPR’s definition of personal data, combined with high fines – €20 million or 4 percent of an organization’s global annual revenue, whichever is greater – should put IT and application teams on high alert to safeguard personal data across both development and testing environments.”
In the study titled “EU General Data Protection Regulation: Are you ready for it?,” the majority of respondents were not completely confident that their organization could meet two of the key provisions of the GDPR known as the “Right to be Forgotten” and the “Right to Data Portability.” When it came to identifying, erasing and providing customers with their data:
- Only 33 percent were very confident that every piece of customer data could be identified promptly across all systems and applications.
- Only 34 percent are completely confident that their organization can erase every instance of a customer’s (test) data without delay.
- Less than half (43 percent) would be fully able to provide a customer with their data in a format accessible by them and transmissible to other formats, and
- A surprising 10 percent currently say that they cannot do this at all.
The study also found that organizations will need to change core processes, with more than 90 percent of respondents reporting that the regulation will impact how they collect, transfer, use, process, store and send/receive personal data outside the EU. The top technological challenges identified by 88 percent of survey participants as a potential risk to GDPR compliance include:
- sensitive data stored inconsistently (54 percent)
- multiple copies of production data stored across the corporate network (48 percent)
- technical debt or poorly understood data models (30 percent)
- ad hoc sharing of test data across personal test machines (25 percent)
To meet the GDPR’s May 25, 2018 deadline, almost nine in ten (89 percent) businesses stated that they need to invest in new technologies and services that include encryption (58 percent), analytic and reporting (49 percent) and test data management (47 percent) technologies.
“To ensure businesses can continue to trade and compete in today’s digital world, companies that have significant dealings with the EU and its citizens need to reevaluate their approach to managing test data sets and invest in the processes and tools that will ensure they meet the GDPR compliance standards,” continued Scheaffer.
CA Technologies continues to help customers address GDPR requirements through its broad portfolio that includes test data management, security, API management and mainframe solutions. These innovations enable organizations to confidently embark on their compliance journey to protect data in mainframe, distributed, cloud and mobile environments. For more information, visit //www.ca.com/gdpr.
Resources
- Complying with the EU General Data Protection Regulation: The Implications for Test Data Management eBook
- Learn more at CA World, November 14-18 in Las Vegas, NV
Study Methodology
Vanson Bourne conducted the CA Technologies-sponsored study of 200 IT, and risk and compliance decision makers in the US and UK at enterprise organizations with revenues of over $1 billion or more in financial services, manufacturing, retail, telecommunications and public sector industries. For additional details, see the report “EU General Data Protection Regulation: Are you ready for it?”