Beyond the General Data Protection Regulation (GDPR)
REPORT
Introduction
As every business decision-maker should now know, the E.U. General Data Protection
Regulation (GDPR) enforcement date is coming. The GDPR will be enforced starting May
2018 and will apply to those collecting, storing or using the personal data of the residents
of the European Union’s 28 member states. The Regulation changes requirements around
protecting the personally identifiable information of over 500 million people, and occupies
the minds of anyone around the world concerned with data protection.
The GDPR is not the only regulation affecting global
business, of course, nor is it the only issue that concerns
those charged with storing, processing, managing and
protecting one of the world’s most valuable assets: data.
To better understand data decision-making, McAfee®
commissioned Vanson Bourne to survey the views of
800 senior business professionals across eight countries
around the world from a range of industry sectors.
The following pages will shed light on how the
respondent organizations currently approach data
management, protection and residency (the physical
location where data is stored). This report also explores
the impact of global events such as:
¦¦
¦¦
3
Geopolitical changes in several regions, and their
impact on data
The role of data protection as a competitive advantage
¦¦
¦¦
¦¦
The degree to which organizations are aware of, and
prepared for, GDPR
The driving factors behind data residency decisions
The impact of 11 country- and sector-specific
regulations
From the dozens of fascinating findings that follow, here
are just nine:
1. Global events affect data migration plans
Nearly half of organizations plan to or say they will
migrate data as a result of political changes, including
GDPR, Brexit and changing policy approaches in the
U.S. (See Section #1)
Organizations will spend $85,000 less on average
in the United States because of U.S. government
policies. (See Section #1)
Beyond the General Data Protection Regulation (GDPR): Data residency insights from around the world
REPORT
2. Privacy sells: Data protection delivers
commercial advantage
Seventy-four percent of respondents believe
organizations that properly apply data protection
laws will attract new customers. (See Section #2)
3. Public opinion is key to data decision-making
Eighty-three percent of organizations take public
sentiment toward data privacy into account when
making data residency decisions. (See Section #2)
4. GDPR will make Europe the world’s data
leader
Seventy percent believe the implementation of GDPR
makes Europe a world leader in data protection. (See
Section #2)
5. Organizations take 11 days on average to
report a breach
GDPR requires that the local regulator is alerted
within 72 hours of a data breach or be given reasons
for the delay. Currently, it takes nearly four times as
long – 11 days on average to report a breach. (See
Section #3)
6. Organizations expect cloud service providers
to help with compliance
Eight in 10 organizations are planning, at least in
part, to leverage their cloud service provider to help
4
achieve data protection compliance. Some might be
overestimating the degree to which cloud providers
are accountable. (See Section #3)
7. Most organizations are ‘unsure’ where their
data is stored
Forty-seven percent of respondent organizations
say they know where their data is stored at all times.
That means the majority are unsure, at least some of
the time. (See Section #4)
8. The United States is the most popular data
storage destination
Forty-eight percent of organizations in our survey
expressed a preference for their data storage to
be in the U.S., followed by Germany (35 percent),
the U.K. (33 percent) and France (25 percent). (See
Section #4)
9. Only 2% of bosses say they know the
full extent of the laws that apply to their
organizations
The majority of respondents (54–74 percent) believe
their organization has a “complete understanding” of
the data protection regulations that apply to them.
In fact, just 2 percent of senior decision-makers
know all the clauses of regulations that apply to their
organizations, a reflection perhaps of the complexity
of those regulations. (See Section #5)
Beyond the General Data Protection Regulation (GDPR): Data residency insights from around the world
Please complete the form to gain access to this content