With the May 2018 compliance deadline for the General Data Protection Regulation, CIOs are preparing for big changes in how they handle EU customer data.
While the majority of U.S. CIOs consider themselves well-briefed about the European Union’s pending General Data Protection Regulation (GDPR), they are concerned about its impact on their ability to use data related to European customers and individuals, according to a recent survey from Compuware. With the May 25, 2018 deadline approaching, the “Compuware GDPR Readiness Survey” reveals that most CIOs have prepared a “detailed and far-reaching plan” for compliance.

Among other measures, the GDPR requires that companies provide breach notification within 72 hours of incident awareness. In addition, individuals are allowed to find out whether an organization is processing data about them—and for what purpose. And, with the GDPR’s “right to be forgotten” section, people can have their data erased and can halt any further processing of it. With the GDPR’s “increased territorial scope,” all businesses handling personally identifiable information (PII) on people residing in the EU are subject to these regulations, regardless of where the business is located.

Among other major hurdles, U.S. CIOs face challenges in the form of customer data consent-related issues, data quality and complexity, and the cost of implementation. “U.S. organizations are heading in the right direction on GDPR compliance, but there is still work to be done to improve data governance capabilities,” said Chris O’Malley, CEO of Compuware. “Manual processes that are used to locate and protect customer data must be replaced with automated capabilities that enable businesses to quickly, accurately and visually manage data privatization and protection.”

An estimated 100 U.S. CIOs took part in the research, which was conducted by Vanson Bourne.