Singapore, Japan, Korea among least prepared for new EU data laws

More than half of businesses in Singapore, Japan, and South Korea are among the least prepared for the upcoming European Union's data privacy laws, with a quarter of their counterparts in Australia and the US fearing a shutdown as a result.

With a year to go before the General Data Protection Regulation (GDPR) would take effect on May 25, 2018, some 56 percent of Singapore-based companies had expressed concerns they would not be able to meet the deadline for compliance.

A higher 60 percent of businesses in Japan as well as South Korea expressed similar concerns, placing them last globally in GDPR readiness, according to a survey conducted by Vanson Bourne and commissioned by Veritas Technologies. The study polled 900 business decision-makers across eight markets including Germany, France, and the UK, with 100 respondents from each market except for the US, which had 200 respondents. Respondents were from organisations with at least 1,000 employees and that had business dealings with EU and, therefore, held personal data on EU residents.

Worldwide, 86 percent were anxious their failure to ensure GDPR compliance would have a significant negative impact on their business, with almost 20 percent concerned it could shutter their business. Such worries were most prevalent in Australia and the US, where almost 25 percent each feared non-compliance could put them out of business.

The new privacy laws would give the EU's 500 million citizens the right to move their data from one provider to another, instruct any organisation to stop building profiles on them, and the "right to be forgotten". Businesses that breached the privacy laws would face fines of up to 4 percent of their annual global revenue or 20 million euros (US$21.46 million), whichever was greater.

Personal data would include credit card and banking information as well as healthcare information, and any global company that offered goods and services to EU residents or monitored these consumers' behaviours, such as online buying habits, would be impacted by the GDPR.

Globally, 47 percent of respondents in the Veritas study were unsure if they would be able to meet the May 25 deadline, while 31 percent said their organisation was prepared for the GDPR regime. Companies working to ensure compliance were projected to spend at least US$1.4 million on various initiatives to be GDPR-ready.

Australia also was most concerned about potential layoffs as a result of penalties from non-compliance, with 30 percent in the country expressing such fears, while 26 percent in the US and 23 percent in Korea had similar worries.

Another 21 percent in Korea as well as Japan were concerned non-compliance could result in loss of customers due to negative media and social coverage, while this figure stood at 20 percent in Singapore.

Veritas' executive vice president and chief product officer, Mike Palmer, said: "There is just over a year to go before GDPR comes into force, yet the 'out of sight, out of mind' mentality still exists in organisations around the world. It doesn't matter if you're based in the EU or not, if your organisation does business in the region, the regulation applies to you.

"A failure to react now puts jobs, brand reputation, and the livelihood of businesses in jeopardy," Palmer warned.

Worldwide, 32 percent expressed concerns their existing systems were unable to manage their data effectively and could impede their ability to search, discover, and review information, which were necessary to ensure GDPR compliance. Another 39 percent said they could not accurately identify and locate relevant data, noted Veritas, which added that the data laws would require organisations to provide EU residents, when asked, a copy of their data or to delete the data within 30 days.

The study findings echoed those in a similar October 2016 survey by Dell Technologies, which found 90 percent of Asia-Pacific businesses knew little or nothing about GDPR. Only 7 percent had a plan in place to prepare for the new laws, while 85 percent were unaware of whether their company would face fines for their existing data privacy policies in a GDPR regime. This despite the fact that 95 percent said their organisation's existing practices would not meet the new legislations.