GDPR: A boon for privacy or choking regulation? Businesses weigh in

IBM says that while many firms view GDPR as a catalyst for new business models, few will be ready in time.
Written by Charlie Osborne, Contributing Writer

The deadline for the EU's GDPR is fast approaching, causing unbridled chaos for some companies.

The new regulations are forcing the enterprise and SMBs alike to rethink their perspective on data collection, and while new requirements may help protect consumer privacy and security, businesses are scrambling to meet the European Union's 25 May 2018 deadline.

On Wednesday, IBM released the results of a new study into how businesses view the impending changes caused by the General Data Protection Regulation (GDPR).

According to the research, based on an IBM's Institute for Business Value (IBV) survey of 1,500 business leaders, nearly 60 percent of organizations are embracing GDPR as an opportunity to improve privacy, security, and data management, or as a means to create new business models and revenue streams.

Ahead of the deadline, the majority of companies are now tackling exactly what data they collect and manage -- and as a result, have begun to become more selective. The majority of survey respondents said their organizations have also begun disposing of data in order to comply with the new rules.

Based on the report's data, roughly 80 percent of organizations claim they are cutting down on the amount of personal information they collect and store, 70 percent are disposing of data, and 78 percent are reducing the number of people who have access to stored information.

Cutting down data collection, storage, and sharing will help companies manage GDPR -- but will also have a knock-on effect for consumers, too.

In a world full of data breaches and cyberattacks, the more information is stored about individuals through each of the many online services we use, the more risk there is for information to become compromised, whether through the company itself, a third-party, or someone who has access to these records.

In total, 76 percent of respondents said that GDPR should improve trust and the relationship between businesses and consumers, with 84 percent believing that GDPR compliance will put their firms in good stead as a differentiator to the public.

However, there is still a wide chasm between the European Union's data protection dreams and company action as only 36 percent of organizations believe they will be ready in time.

There are challenges associated with GDPR which companies are facing as we speak. Companies have to know exactly what information from consumers has been collected, where it is stored, and whether or not it is accurate and necessary.

Organizations must also now comply with the EU's data processing and sharing principles and they must ensure that consent has been given by consumers to keep their information on record.

(If you have recently been receiving emails from companies asking to stay in touch, the need for consent ahead of the GDPR deadline is why.)

Businesses must also ensure their cross-border data handling complies with the GDPR decree.

Another major issue is that companies operating in the EU must report data breaches to regulators within 72 hours. According to IBM's research, only 31 percent of organizations have prepared for this requirement.

See also: What is GDPR? Everything you need to know about the new general data protection regulations

Despite the current chaos, 22 percent of companies are taking advantage of GDPR to improve their business operators. Of this subset, 93 percent have modified their incident response setups, 79 percent are preparing for data accuracy checks, and 74 percent were implementing new security and privacy systems for products and services.

"GDPR will be one of the biggest disruptive forces impacting business models across industries -- and its reach extends far beyond the EU borders," said Cindy Compert, CTO, Data Security & Privacy at IBM Security. "The onset of GDPR also comes during a time of huge distrust among consumers toward businesses ability to protect their personal data."

"These factors together have created a perfect storm for companies to rethink their approach to data responsibility and begin to restore the trust needed in today's data-driven economy," the executive added.

10 steps to erase your digital footprint

Previous and related coverage

Editorial standards