Chapter 1 2 Fears of Brand Damage, Job Loss, Company Livelihood Surface as Businesses Try to Come to Grips with GDPR ComplianceDespite that fast approachingdeadline, researchcommissioned by VeritasTechnologies shows that86% of organizationsworldwide are concernedthat a failure to adhere totheupcoming General DataProtection Regulation (GDPR)could have a major negativeimpact on their business. Inaddition, almost half (47%)of organizations fear theywon¡¯t meet the requirementsof the legislation, and manyhave critical concerns aboutwhat that could mean for theiremployees and their companyas a whole. Of course, organizations areworried about the significantfines that could be levied,which could be as high as €20 million ($21.5m), or 4%of annual revenue ¨C whicheveris greater. But, the researchshows fears go much deeper.Nearly one in five (18%)respondents are worriedthat non-compliancecould ultimately put theirorganization out of business.Additionally, one in five(21%) are very worried aboutpotential layoffs, fearingthat staff reductions may bean inevitable way to offsetfinancial penalties incurred asa result of GDPR compliancefailurespanies are also worriedabout the impact non- compliance could have ontheir brand image, especially ifand when a compliance failureis made public, potentially asa result of the new obligationsto notify data breachesto those affected. NearlyThe deadline looms on the horizon: 25 May,2018. That¡¯s the day the European Unionwill enact some of the most stringent dataprivacy regulations the world has ever seen.These regulations impact thousands oforganizations around the globe - virtually anycompany that does business within the EUand holds personally identifiable information(personal data) on EU residents.one in five (19%) surveyedfear that negative media orsocial coverage could causetheir organization to losecustomers. An additionalone in ten (12%) are veryconcerned that their brandwould be de-valued as a resultof negative coverageanizations areworried about thesignificant finesthat could be levied,which could be ashigh as €20 million($21m), or 4% ofannual revenue ¨Cwhichever is greater. 25 May2018 € Chapter 1 3 Fears of Brand Damage, Job Loss, Company Livelihood Surface as Businesses Try to Come to Grips with GDPR ComplianceThe high penalties couldlead to a workforcereduction 21% The negative media or socialcoverage could cause ourbrand to be de-valued 12% We have no concerns aswe will be compliant 7% The negative media or socialcoverage could cause us to losecustomers 19% Potential shareholderlawsuits if we have asignificant data breach 8% We have no concerns about thepotential fallout from not beingin compliance with the GDPR 4% The high penalties couldcause us to go out ofbusiness 18% We¡¯ll lose market share as prospectswill think our competitors are betterstewards of data than us 8% I don¡¯t know2%¡°What concerns you the most about the potential fallout from yourorganization not being in compliance with the GDPR¡± Asked to all 900 respondents 21% 19% 18% 12% 8%8%7% 4% 2%Chapter 1 4 Fears of Brand Damage, Job Loss, Company Livelihood Surface as Businesses Try to Come to Grips with GDPR Compliance42% Not having a way to determine which datawe should save or delete based on thevalue of the data42% The research also highlightsan important finding amongthose surveyed: manyorganizations don¡¯t have theproper technology to addressthe regulations. In fact, almosta third (32%) of respondentsare worried their organizationdoesn¡¯t have the necessarytechnology to manage dataeffectively, something thatcould jeopardize their abilityto search, discover and reviewdata ¨C all essential criteria forGDPR compliance. In addition, nearly fortypercent (39%) of respondentsare worried their organizationisn¡¯t able to accuratelyidentify and locate data.This is a critical competencythe regulation mandatesconsidering that, whenrequested, businesses mustbe able to locate PII within avery short time frame. Organizations are alsoextremely concerned abouttheir ability to value data. Lack of Technology Hindering GDPR ComplianceMore than four in ten (42%)report that they do not havea way to determine whichdata should be saved. UnderGDPR, organizations canretain personal data as longas it being used for its originalintent, but must delete itonce it is no longer neededfor that purpose. Failure toadhere could result in the topfine, which has substantialramifications. Delete data from our systems that mayhave proven useful in the future39% Inability to accurately identify, locate andmanage personal data during an internalsearch 39% Not having the right tools in place tomonitor data in real time32% Not being prepared to protectpersonal data from breach, loss ordamage 30% ¡°What concerns you most about readying your business for GDPR¡±Showing the top five concerns. Asked to all 900 respondents ¡£¡£¡£¡£¡£¡£