Nearly half (48%) of global organizations plan to migrate their data to a new location because of regulations like General Data Protection Regulation (GDPR), which will toughen and unify laws protecting personal data for over 500 million people residing in the European Union.
A McAfee report entitled Beyond GDPR: Data residency insights from around the world, based on a survey of 800 senior business decision-makers from across multiple industry sectors and eight countries, found that 70% of respondents believe the implementation of GDPR will make Europe a world leader in data protection; however, the United States remains the most popular data storage destination, preferred by nearly half of all organizations surveyed.
“It’s critical that businesses do everything they can to protect one of the world’s most valuable assets: Data,” said Raj Samani, chief scientist and fellow at McAfee. “The good news is that businesses are finding that stricter data protection regulations benefit both consumers and their bottom line. However, many have short-term barriers to overcome to become compliant, for example, to reduce the time it takes to report a breach.”
Overall, the report reveals conflicting beliefs about data protection regulations. While global events and a tightening of data protection rules gives senior decision-makers pause when determining their company’s technology investment, most organizations look to store their data in those countries with the most stringent data protection policies. Clearly, there is recognition that, while businesses might not like strict compliance laws, they are beneficial to both customers and a company’s bottom line, even providing a competitive advantage in some cases. Moving forward, increased awareness and understanding about a company’s data assets will lead to better usage and protection.
For instance, the report found that data protection delivers commercial advantage. About three-quarters (74%) of respondents believe organizations that properly apply data protection laws will attract new customers.
However, respondents also believe that regulations and policies present barriers to technology acquisition and investment. Approximately two-thirds say that GDPR (66%), US policies (63%) and Brexit (63%) either already have or will impact their organization’s technology acquisition investments, while approximately 20% don’t yet know how these issues will impact their spending.
More specifically, half (51%) of all respondents say their organization is being held back from technology investment because of external data protection regulations.
Gaining expertise in data handling remains an issue. The report showed that most organizations are ‘unsure’ of where their data is stored. Only 47% of organizations know where their data is stored at all times. The majority are unsure, at least some of the time.
Further, only 2% of management really understand the laws that apply to their organizations. While a majority of respondents (54%) believe their organization has a “complete understanding” of the data protection regulations that apply to them, just two% of senior decision-makers know all the clauses of regulations that apply to their organizations.
Perhaps it’s no wonder that organizations put faith in cloud service providers. Eight in 10 respondents’ organizations are planning, at least in part, to leverage their cloud service provider’s responsibility to ensure data protection compliance.