Eighty percent of companies worldwide plan to cut down on the amount of personal data they collect ahead of the European Union's General Data Protection Regulation, which goes into effect May 25, according to an IBM survey released May 16.
The EU's new rules apply to anyone — even companies in the U.S. — who handles European citizens' personal information, including addresses, credit card numbers, computer ID codes, biometric data and anything else that can be traced back to an individual. The law, which is stricter and broader than HIPAA, will affect businesses of all sizes worldwide that use European citizens' data in their services.
To evaluate how companies worldwide are addressing the impending rules, IBM's Institute for Business Value surveyed 1,500-plus business leaders responsible for GDPR compliance across 34 countries. These leaders included chief privacy officers, chief data officers and data protection officers from 15 industries.
Here are four survey insights into GDPR preparedness.
1. Eighty-four percent of respondents believe proof of GDPR compliance will be seen as a "positive differentiator" to the public, and 76 percent indicated GDPR will enable more trusted relationships with data subjects that will create new business opportunities.
2. Respondents indicated their companies are being more selective about the data they collect and manage ahead of the May 25 enforcement date. Seventy percent of respondents said their organization is "disposing" of data that is no longer needed in anticipation of the compliance deadline.
3. A key element of GDPR requires companies to report data breaches to regulators within 72 hours. However, only 31 percent of companies have reexamined or modified their incident response plans to prepare for this mandate, according to the survey.
4. Only 36 percent of respondents indicated they believe their company will be fully compliant with GDPR by the May 25 deadline.