Businesses are late in implementing the EU General Data Protection Regulation (GDPR), according to EY Global Forensic Data Analytics Survey 2018.
The survey is based on 745 interviews in 19 countries with companies using FDA. Respondents were decision-makers who have risk management responsibilities, particularly in legal, compliance and fraud functions.
GDPR, which comes into effect on 25 May 2018, aims at unifying data protection laws across the EU. It applies to all companies, regardless of location, that process the personal data of people living in the EU. It, therefore, has immense extraterritorial reach and carries significant potential financial penalties.
However only 33% of EY’s survey respondents had a plan to address GDPR compliance. Another 39% of respondents indicated that they are not at all familiar with GDPR and 17% said that they have heard of the GDPR but have not yet taken any action.
Only 13% of respondent companies across the Americas and only 12% in Asia-Pacific have a compliance plan that addresses GDPR. In Europe, 60% of companies indicating they have a compliance plan in place. Specifically, 80% in Germany, 68% in the UK and 73% in Ireland indicated that they have a compliance plan.
EY Global FIDS leader Andrew Gordon commented: “Two risks come into sharp focus in this survey: 1) regulatory compliance, 2) data protection and data privacy. We heard from companies around the world that expressed growing concern in these areas and identified real challenges to overcome. This year’s Global Forensic Data Analytics Survey findings show that this is where [forensic data analytics] has a vital role to play.”
The survey is available here.