‘Data safety: few firms ready’

With less than four months to go for the EU’s General Data Protection Regulation to kick in, “too many companies are still not prepared” for the regime that would also cover Indian IT firms, according to a global survey.

“Asked to describe their company’s current status with respect to complying with the GDPR, only 33% of respondents said that they have a plan, while 39% said they are not familiar with GDPR,” according to EY’s Global Forensic Data Analytics Survey 2018.

An initiative to unify data protection laws across the EU, GDPR would apply to all firms, regardless of their location, that process personal data of people living in the EU. Once in force, the GDPR would require companies to notify a data breach within 72 hours of the event.

About 17% of respondents said they had heard of GDPR, but had not yet taken any action. The balance 11% said: “We are studying the GDPR and its scope.”

‘Minimum €20 mn fine’

Violators could be fined up to 4% of annual global turnover or €20 million, whichever is greater, according to the report. A total of 745 respondents in 19 countries were interviewed for the survey, including 40 in India.

EY Global Fraud Investigation & Dispute Services leader Andrew Gordon said, the “pace of regulatory change continues to accelerate and the introduction of data protection and data privacy laws, such as GDPR, are major compliance challenges for global organisations.”

Partner and head – India & Emerging Markets, Fraud Investigation & Dispute Services of EY, Arpinder Singh said: “all contracts would come up for review.. Why would any EU company take the exposure of having anything after May without a contract with GDPR compliance?” Indian IT firms ought to invest and comply before May, he said. In India, EY is advising 55 companies – with their revenues in excess of $500 million – on GDPR, he added.

New risks

According to the survey titled ‘How can you disrupt risk in an era of digital transformation?’, corporate India’s journey toward digital transformation has introduced new risks, especially around managing data, over the last two years. As many as 70% of Indian respondents see data protection and data privacy compliance as increasing areas of concern; while 46% are worried about cyber breach and insider threats. The role of advanced Forensic Data Analytics and emerging technologies would continue to be pivotal to mitigate escalating digital threats.

This article is closed for comments.
Please Email the Editor

Printable version | May 11, 2021 8:11:12 PM |

Next Story