GDPR Could Be a 'Spark for New Business Models,' IBM Survey Says
59 percent say the GDPR is a chance 'for transformation or a spark for new data-led business models.'
May 16, 2018 at 05:36 PM
3 minute read
The original version of this story was published on Corporate Counsel
Shutterstock.
A majority of companies view the General Data Protection Regulation in the European Union as a source of opportunity that can help them improve privacy and data security, according to the results of a survey released Wednesday from IBM's Institute for Business Value.
Fifty-nine percent of respondents to the survey agreed that the GDPR is a chance “for transformation or a spark for new data-led business models.” The remaining 41 percent of respondents viewed the GDPR as just another set of regulations requiring compliance.
The survey was conducted between February and April of 2018 and drew feedback from 1,500 executives, including chief privacy officers and GCs, in 34 countries and across 15 industries.
The expansive GDPR will go into effect May 25—it will set up new privacy and security requirements for companies processing data belonging to EU citizens. Noncompliant companies face fines of up to 20 million euros or 4 percent of the company's worldwide revenue from the prior year, whichever is higher.
Cindy Compert, CTO, data security and privacy, IBM Security, pointed out in an email that the GDPR is coming into effect during a time where consumers have shown distrust in the handling of their data.
“The results show that companies are connecting the dots between consumer sentiment around data privacy and GDPR, with the vast majority (84 percent) acknowledging that GDPR compliance can be viewed as a positive differentiator to the public,” Compert said in the email.
Compert said that the other companies are looking for a simple checklist, but GDPR is “more directional” and that it may be viewed as burdensome.
“Many of the requirements of GDPR are open to interpretation rather than prescriptive—for instance, implementing an 'appropriate level of security.' Additionally, we often see that those responsible for GDPR have been directed to 'go implement GDPR' without direction or executive oversight, or if the organization is not collaborating well, they may not be informed on what other parts of the organization are doing,” Compert said.
Despite the majority of respondents showing enthusiasm for the GDPR, only 36 percent said they will be fully compliant with the GDPR in time for the deadline later this month. Forty-seven percent said they have begun efforts to comply with the GDPR and 18 percent of respondents said they had not begun compliance efforts, but planned on doing so before May of this year.
Compert described coming into compliance with the GDPR as a huge undertaking and one that takes time.
“Procrastination is part of human nature, and given the complex nature of GDPR, this isn't something that can be undertaken in a matter of weeks or months for companies that have delayed until the last minute,” Compert said.
The results of the survey indicate that companies are largely struggling with certain areas of compliance. These include performing data discovery and ensuring data accuracy, complying with data processing principles, developing and updating privacy policies, getting consent from data subjects and establishing a data protection officer.
“Responding to GDPR requires involvement from all parts of the business, as well as executive level support,” Compert said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllHow Many Legal Jobs Will be Affected by AI? Law Firms Can't Agree
Legal Tech Rundown: Opus 2 Opens Office in UAE, FTI Technology Announces Launch of Multiple AI Solutions and More
Joseph Saveri Law Firm, Co-Counsel File 9th Circuit Appeal in Lawsuit Targeting GitHub's Use of Code to Train AI Models
JAMS Launches Initiative to Leverage AI Technology in Dispute Resolution
Trending Stories
- 1The Law Firm Disrupted: Playing the Talent Game to Win
- 2GlaxoSmithKline Settles Most Zantac Lawsuits for $2.2B
- 3BD Settles Thousands of Bard Hernia Mesh Lawsuits
- 4Preparing Your Law Firm for 2025: Smart Ways to Embrace AI & Other Technologies
- 5Inside Track: Late-Career In-House Leaders Offer Words to Live by
Who Got The Work
Caroline Pignatelli of Cooley has entered an appearance for law firm Cooley, partner Matt Hallinan, retired partner Michael Tu and a pair of Cooley associates in a pending fraud lawsuit related to the firm's representation of startup company Carbon IQ and founder Benjamin Cantey. The case, filed Sept. 26 in New Jersey District Court by the DalCortivo Law Offices on behalf of Gould Ventures and member Jason Gould, contends that the defendants deliberately or recklessly concealed critical information from the plaintiffs regarding fraud allegations against Cantey. Gould claims that he would not have accepted a position on Carbon IQ's board of directors or made a 2022 investment in the company if the fraud allegations had been disclosed. The case, assigned to U.S. District Judge Robert Kirsch, is 3:24-cv-09485, Gould Ventures, LLC et al v. Cooley, LLP et al.
Who Got The Work
Attorneys from Skadden, Arps, Slate, Meagher & Flom have stepped in to represent PDD Holdings, the operator of online marketplaces Pinduoduo and Temu, in a pending securities class action. The case, filed Sept. 30 in New York Eastern District Court by Labaton Keller Sucharow and VanOverbeke, Michaud & Timmony, contends that the defendants concealed information that rendered the growth of PDD unsustainable and posed substantial risks to PDD’s business, including merchant policies that made it unprofitable for vendors to do business on PDD platforms; malware issues on PDD applications; and PDD’s failure to implement effective compliance systems. The case, assigned to U.S. District Judge Pamela K. Chen, is 1:24-cv-06881, Macomb County Retiree Health Care Fund v. Pdd Holdings Inc. et al.
Who Got The Work
Robert A. Fumerton, Scott D. Musoff, Michael C. Griffin and Judith 'Judy' A. Flumenbaum of Skadden, Arps, Slate, Meagher & Flom have entered appearances for PDD Holdings f/k/a Pinduoduo in a pending securities class action. The suit, filed Oct. 1 in New York Eastern District Court by the Rosen Law Firm, contends that the defendants concealed the company's sale of goods likely produced by forced labor and its efforts to install malware on users' phones, exacerbating the risk of regulatory and public scrutiny. The case, assigned to U.S. Magistrate Judge Joseph A. Marutollo, is 1:24-cv-06950, Shaw v. Pdd Holdings Inc. et al.
Who Got The Work
Nicholas M. DePalma and Christian R. Schreiber of Venable have stepped in to represent CP Management Services, CRS RB4 Holdings and other defendants in a pending breach-of-contract lawsuit. The suit was filed Aug. 30 in Virginia Eastern District Court by Greenberg Traurig on behalf of Daito Kentaku USA. The case, assigned to U.S. District Judge Claude M. Hilton, is 1:24-cv-01538, Daito Kentaku USA, LLC v. Comstock Partners, LC.
Who Got The Work
Wyatt, Tarrant & Combs partner Andrew J. Pulliam has entered an appearance for Steve Jensen in a pending breach-of-contract lawsuit. The action, filed Aug. 30 in Tennessee Middle District Court by the Law Office of Perry A. Craft on behalf of Timothy Robins, accuses the defendant of writing a worthless check for over $94,000 for the sale of auctioned goods. The case, assigned to U.S. District Judge Eli J. Richardson, is 3:24-cv-01064, Robins v. Jensen et al.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250