Tech sector “struggling” to prepare for new EU data protection laws
Companies in the technology sector are struggling to be adequately prepared for new EU data protection laws set to come into play later this year, according to a new survey.
The Financial Times polled 20 of the largest social media, software, financial technology and internet companies with EU operations about the incoming General Data Protection Regulation (GDPR).
The GDPR, which comes into play in May 2018, will control how ‘controllers’ and ‘processors’ of data treat the information they handle, making them responsible for keeping users’ personal data secure, processing it transparently for a specific purpose and, when no longer required, deleting data immediately.
The survey found that firms in the tech sector are scrambling to hire new and qualified staff to deal with the new legislation’s requirements. Redesigning products is also a challenge for many, driving costs up and harming revenues by as much as millions of dollars.
Facebook is one of three companies that estimated the costs of initial compliance at “several million dollars”. Others say they have had to hire extra staff and consultants to allow customers to either delete personal data or export it for use by another firm.
Cloud service providers including Microsoft, Amazon, IBM and Google have also voiced concerns about the new rights to be forgotten and withdraw consent, due to customer data being held in data centres on behalf of third-party partners.
According to Duncan Brown, associate vice-president of European security at IDC, most cloud companies are unprepared, because until now, customer data has largely been the responsibility of controllers rather than processors.
“Cloud providers are severely impacted by this, because they are processing data for customers, whether they know it or not,” he said. “Until now, the nature of many cloud providers has been that they don’t want to know what data they have.”