How GDPR could cause chaos to the European economy

Intralinks, a leading global SaaS provider of enterprise collaboration solutions, has published a report revealing that global businesses are set to review their business strategies in Europe in light of the upcoming General Data Protection Regulation (GDPR).

Ovum, a global analyst firm focused on converging IT, telecoms and media markets, was commissioned by Intralinks to survey 366 IT decision makers across Europe, the Americas and Australasia and report on how prepared cloud companies are for pending data privacy regulations, and whether they intend to adjust their cloud and business strategies as a result.

1. What is the GDPR? Why is it needed?

Over the next couple of years, the European Union (EU) is looking to implement the GDPR, which will replace the EC Data Protection Directive (Directive 95/46/EC) across 28 countries.

According to the EU, the GDPR aims to “reinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.”

Controversially, the GDPR’s “one-stop-shop” principle will mean that businesses with a number of locations across the EU will only have to deal with one lead supervisory authority in the country in which their ‘main’ presence is located.

The new regulations will also see an increase in sanctions, with maximum fines of either €1 million or 2 per cent of annual worldwide turnover, and data controllers will be obliged to report breaches to the Data Protection Authority (DPA) and, depending on circumstances, to the affected individuals themselves.

2. How is it expected to affect businesses operating in Europe?

The report found that 66 per cent of global companies will review their business strategies in some European countries. Underpinning this rationale is cost and practicality, with 68 per cent of respondents claiming the new regulation will dramatically increase the cost of doing business in Europe, and over 50 per cent feeling they won’t be able to fulfil the requirements set out by the EU.

3. What are the main concerns?

According to Alan Rodger, senior analyst at Ovum, “New regulations, such as the GDPR, are seriously worrying global business. Different jurisdictions are imposing inconsistent and often incompatible mandates for how personally identifiable information is stored, processed and shared. This is already creating confusion and uncertainty, leaving fundamental questions unanswered, such as how to interpret data location requirements.
Organisations need technology options that help them react to a rapidly changing regulatory environment.”

58 per cent of respondents in the US said they thought the GDPR will result in fines for their businesses. Respondents in Europe demonstrated a similar level of pessimism to those across the Atlantic, with 53 per cent of UK respondents and 62 per cent of German respondents believing they will be fined.

4. What are the cost implications of the GDPR likely to be?

Meeting future data privacy regulations is expected to come at significant cost for businesses. More than 70 per cent of respondents anticipate an increase in spending in order to meet data sovereignty requirements, and over 30 per cent expect their budgets to rise by more than 10 per cent over the next two years as a result.

For example, of those organisations planning to update their data privacy strategies in the next three years, 38 per cent look to hire experts in the subject, and 27 per cent plan to hire a chief privacy officer.

5. What effect is it likely to have on the use of cloud-based environments?

Organisations are now borderless and employees are more mobile, all of which is supported by cloud computing. On the flip side, the compliance obligations arising from legislation are becoming more complex, even more so for organisations that operate across different jurisdictions – particularly in the context of how legislation applies to data stored with cloud-based services.

Despite the overall pessimism surrounding GDPR and pending data privacy regulations, respondents to the survey still intend to use the following technology environments to store regulated and sensitive data by mid-2018:

  • Internet of Things implementations (66 per cent)
  • Mobile applications (70 per cent)
  • Infrastructure as a Service (73 per cent)
  • Platform as a Service (70 per cent)
  • Software as a Service (78 per cent)

This suggests that global companies will migrate to cloud-based environments regardless of regulations, although the associated compliance costs will cause dramatic reviews of European operations for many global companies with a presence in Europe.

6. What steps are companies planning to take to meet new regulations?

More than half (55 per cent) of respondents said they are planning new training on the subject for their employees. Half of businesses (51 per cent) will amend and adapt their data privacy policies, and a similar number (53 per cent) will adopt new technologies by way of preparation for new regulations.

Now, more than ever, organisations need technology options that will help them to react to a rapidly changing regulatory landscape.

7. Will North American companies be affected too?

Companies in the US expect to be further disadvantaged compared to their European counterparts, with 63 per cent of respondents believing that the GDPR will make it harder for American companies to compete in Europe, and 70 per cent predicting that the new legislation will favour businesses based in Europe.

Richard Anstey, CTO EMEA, Intralinks

Image Credit: Flickr/Sébastien Bertrand