Intelligent CIO Europe Issue 09 | Page 52

COMPANIES NEED TO TAKE THE TIME TO CAREFULLY UNDERSTAND THEIR NEW RESPONSIBILITIES.
CIO OPINION
A majority (56%) aren’t done discerning what data third parties have or the potential implications of GDPR on third party contract management. Some (10.2%) have yet to begin addressing third party GDPR compliance at all.
Vestuto added: “Among the biggest GDPR compliance challenges is third party contract management. Under GDPR, organisations are responsible for ensuring privacy protection of EU-regulated data shared with or used by vendors and service providers, which requires those organisations to know who their vendors are and precisely what data those third parties hold. Updating or renegotiating contracts and agreements may help ensure third parties are GDPR-compliant when using your organisation’s EU-regulated data.”
Discovery challenges loom for 30 %
Discovery will be harder for their organisations now that the GDPR is enforceable, according to 30.6% of respondents. Surprisingly, 18.6% expect discovery to actually become easier under GDPR. Some (17.2%) expect no change to their organisations’ discovery practices as a result of GDPR taking effect.
“Even those professionals closely involved in GDPR compliance may not fully appreciate the implications the new rules may have for discovery related to regulatory inquiry responses, litigation and internal investigation proceedings, as well as other aspects of their businesses,” Vestuto cautioned.
Scalability is key as more jurisdictions add data privacy rules
Nearly half of respondents (48.2%) say their organisations’ data privacy programmes are scalable to address pending rules in other jurisdictions even if their immediate focus is GDPR. Also, 19.8% report that their organisations’ programmes are focused solely on GDPR without scalability, potentially leaving them unprepared to deal with new rules elsewhere.
Vestuto concluded: “Other jurisdictions beyond the EU are enacting more stringent data privacy protections. Data privacy programmes should be scalable and requirements rationalised on a global basis to ensure that organisations are able to address current and pending rules in various jurisdictions as needed.”
Intelligent CIO Europe spoke to Steve Armstrong, Regional Director UK, Ireland and South Africa at Bitglass, who described the responsibilities companies face when managing their data. “The vast majority of business enterprises are now using cloud services in some form, swayed by the promise of more efficient IT processes and the long-term cost benefits on offer. However, with the EU’s General Data Protection Regulation (GDPR) now in play, enthusiasm for the use of cloud applications could be somewhat dampened.
