Intelligent CIO Europe Issue 09 | Page 52

COMPANIES NEED TO TAKE THE TIME TO CAREFULLY UNDERSTAND THEIR NEW RESPONSIBILITIES.
CIO OPINION
A majority (56%) aren’t done discerning what data third parties have or the potential implications of GDPR on third party contract management. Some (10.2%) have yet to begin addressing third party GDPR compliance at all.
Vestuto added: “Among the biggest GDPR compliance challenges is third party contract management. Under GDPR, organisations are responsible for ensuring privacy protection of EU-regulated data shared with or used by vendors and service providers, which requires those organisations to know who their vendors are and precisely what data those third parties hold. Updating or renegotiating contracts and agreements may help ensure third parties are GDPR-compliant when using your organisation’s EU-regulated data.”
Discovery challenges loom for 30%
Discovery will be harder for their organisations now that the GDPR is enforceable, according to 30.6% of respondents. Surprisingly, 18.6% expect discovery to actually become easier under GDPR. Some (17.2%) expect no change to their organisations’ discovery practices as a result of GDPR taking effect.
“Even those professionals closely involved in GDPR compliance may not fully appreciate the implications the new rules may have for discovery related to regulatory inquiry responses, litigation and internal investigation proceedings, as well as other aspects of their businesses,” Vestuto cautioned.
Scalability is key as more jurisdictions add data privacy rules
Nearly half of respondents (48.2%) say their organisations’ data privacy programmes are scalable to address pending rules in other jurisdictions even if their immediate focus is GDPR. Also, 19.8% report that their organisations’ programmes are focused solely on GDPR without scalability, potentially leaving them unprepared to deal with new rules elsewhere.
Vestuto concluded: “Other jurisdictions beyond the EU are enacting more stringent data privacy protections. Data privacy programmes should be scalable and requirements rationalised on a global basis to ensure that organisations are able to address current and pending rules in various jurisdictions as needed.”
Intelligent CIO Europe spoke to Steve Armstrong, Regional Director UK, Ireland and South Africa at Bitglass, who described the responsibilities companies face when managing their data. “The vast majority of business enterprises are now using cloud services in some form, swayed by the promise of more efficient IT processes and the long-term cost benefits on offer. However, with the EU’s General Data Protection Regulation (GDPR) now in play, enthusiasm for the use of cloud applications could be somewhat dampened.
