Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

OVER TWO-THIRDS OF BUSINESSES AT RISK OF FALLING FOUL OF NEW EU DATA PROTECTION LAWS

43% of businesses put customer privacy at risk by failing to anonymise test data

  • With the new EU General Data Protection Regulation (GDPR) finally agreed, 68% of businesses don’t yet have a comprehensive plan in place for how they will respond to its impact.
  • Just 52% of businesses could efficiently comply with the “Right to be Forgotten” mandate.
  • The difficulty of compliance with EU data mandates is being exacerbated by growing IT complexity, Agile and DevOps-enabled proliferation of new applications, ongoing collection of more data, and outsourcing.
  • To be prepared for GDPR compliance, companies must improve their data governance and test data management capabilities across all platforms—including the mainframe, where the majority of customer data resides.

Compuware Corporation, the world’s leading mainframe-dedicated software company, today released new research that reveals many European and U.S. businesses are ill-prepared for the recently agreed EU General Data Protection Regulation (GDPR) and are at risk of falling foul of its rules around the use and control of personal data. Key findings include:

  • Just over half (55%) of European businesses are well briefed on the GDPR and its impact on the way that customer data can be handled.
  • Over half (52%) of U.S. businesses hold European customer data, meaning they too will need to comply with the new regulations.
  • Just 43% of U.S. respondents claim to be well-briefed on the GDPR and its impact.
  • Despite the risks of failing to comply, 68% of businesses don’t yet have a comprehensive plan in place for how they will respond to the impact of the GDPR.

Factors contributing to the difficulty of EU GDPR compliance include growing IT complexity, the Agile and DevOps-enabled proliferation of new applications, ongoing collection of more data, and IT outsourcing. The overwhelming majority of respondents (63%) admitted that data complexity is one of the biggest hurdles to achieving compliance, whilst a further 53% said that securing and handling customers’ consent for their data to be used would be another major hurdle.

Poor control of the ‘Right to be Forgotten’

The research indicates that businesses are struggling to control their data, which will make it difficult to comply with the ‘Right to be Forgotten’ mandate laid out in the GDPR. Key findings include:

  • 68% of respondents said the complexity of modern IT services means they can’t always know where customer data is.
  • Over half (53%) said that it is especially difficult to know where all of their test data is.
  • Just over half (51%) of CIOs can locate all of an individual’s personal data quickly, whilst nearly a third (30%) admitted they could not guarantee they would be able to do so at all.
  • Respondents also said that the use of outsourcers (81%) and mobile technology (63%)is making it even harder to keep track of where customer data resides.
  • Nearly half (45%) of respondents said it would take their business a lot of time and resources to comply with a request to show an individual all of the data that the organisation holds on him or her across all of its systems.
  • Just over half (52%) would then be able to remove all of that data efficiently should the individual exercise their ‘Right to be Forgotten.’

“To comply with the GDPR, businesses need to keep stricter control of where customer data resides,” said Dr Elizabeth Maxwell, PC.dp, and Technical Director, EMEA, Compuware. “If they don’t have a firm handle on where every copy of customer data resides across all their systems, businesses could lose countless man-hours conducting manual searches for the data of those exercising their ‘Right to be Forgotten.’ Even then, they may not identify every copy, leaving them at risk of non-compliance.”

Testing the boundaries of consent

The research found that 86% of businesses use live customer data to test applications during software development. However, just one in five respondents ask for explicit customer consent for their data to be used in testing, leaving the majority non-compliant with the GDPR. Alarmingly, 43% of those that test applications with live data are further putting customer privacy at risk, as they cannot guarantee that data is depersonalised before it is used.

“Using customer data to test applications is fairly standard practice, but there’s no need or excuse for not depersonalising it first,” continued Dr Elizabeth Maxwell.  “Companies that fail to mask data before using it to test applications could soon find themselves slapped with an eye-watering fine from EU regulators. As well as being better for protecting customer privacy, anonymising test data eliminates the need to obtain customers’ explicit consent for it to be used in this way, which over half (53%) of CIOs identified as one of the biggest hurdles in GDPR compliance.”

Commissioned by Compuware and conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies covering a cross-section of vertical markets in France, Germany, Italy, Spain, the UK and the U.S.

Compuware Corporation

Compuware empowers the world’s largest companies to excel in the digital economy by fully leveraging their high-value mainframe intellectual property. We do this by delivering highly innovative mainframe application development and performance optimization solutions that uniquely enable IT to drive business value. Learn more at compuware.com