Page 5 - Cyber Warnings December 2015
P. 5
How the Data Privacy Rights Movement Puts Businesses at Risk
By Ron Hovsepian
National governments are enacting new, more stringent data privacy laws in an effort to protect
citizen data from unauthorized access and guard national security interests. This is a necessary
initiative for all countries. However, in the rush to pass new legislation that improves protection of
sensitive and personally identifiable information (PII), these nations are also forcing global
businesses to restructure current strategies, practices, and processes. This is going to be a costly
endeavor for businesses that have long relied on easy, consequence-free exchange of data across
borders.
For example, the European Union (EU) just announced agreement on a final text of the General
Data Protection Regulation (GDPR), which will replace the EC Data Protection Directive (Directive
95/46/EC) across 28 countries. Essentially, the aim of this regulation is to ensure the secure and
adequate handling of personal data through its entire lifecycle.
These are all positive goals. But when you consider that global organizations rely on SaaS and
cloud-based storage to streamline efficiencies and collaborate easily across borders, compliance
becomes extremely challenging. The price for non-compliance is steep, with fines up to 4 percent of
annual global turnover.
In order to measure awareness of and opinions on the global data privacy movement, Ovum
Research conducted a comprehensive survey of more than 300 global IT decision makers. This
research unveils a sobering account of how confused and unprepared these stakeholders are for
the coming data privacy regulations. Here are a few key takeaways:
U.S.-based multi-nationals are particularly vulnerable. The Ovum research shows that
the global sea change on data privacy is harming U.S. businesses that operate overseas.
The U.S. was ranked the “least trusted” country among 20 industrialized economies,
including China and Russia. Of the leaders surveyed, 63% of respondents believe that the
proposed GDPR will make it more difficult for U.S. companies to compete globally, and 70%
said they expect the new legislation, which is likely to pass before the end of the year, will
favor European-based businesses.
Businesses are bracing for fines. Two-thirds of IT decision-makers surveyed said the new
regulations will force them to make changes in their European business strategy. When
asked about the pending GDPR, 52% of respondents said they think it will result in business
fines for their company. More than 70% of respondents admitted that they expect an
increase in spending due to data privacy regulations, and 30% expect budgets to rise by
more than 10% over the next two years.
Businesses have no control systems in place to keep data private. While some
organizations are aware of data privacy as an issue, most are lacking reliable policies and
5 Cyber Warnings E-Magazine – December 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
