Companies failing to prepare for GDPR compliance
The third biennial EY Global Forensic Data Analytics Survey has revealed that 40% of SA firms surveyed in its annual study are not familiar with the General Data Protection Regulation (GDPR). While 35% have a plan they are working on towards complying with regulation, a remaining 18% have not heard of the regulation and 8% are studying it and its scope.
The survey analysed responses from 745 executives from 19 countries, including 40 from SA - between October and November 2017.
The GDPR, which will come into effect on 25 May 2018, is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the EU. The regulation was adopted in April 2016.
Simeon Tassev, MD of Galix Networking, says, however, that local businesses need to first gauge the importance of complying with the regulation for their business. "Organisations, naturally, should be addressing the Protection of Personal Information Act (POPIA) first. However, organisations should still look at the overlaps and address those for both regulations simultaneously and the remaining GDPR requirements can be met as and when the organisation moves into EU markets."
According to the report, European-based firms have more positive results with an estimated 60% indicating they have a compliance plan in place - with a further 70% saying they are implementing the use of forensic data analytics (FDA) to manage risks.
Sharon van Rooyen, Africa leader for fraud investigation and dispute services at EY, explains: "There has been unprecedented development of data protection and data privacy around the world, which can create serious challenges for companies. Regulations such as the GDPR and POPIA are a direct response to these challenges. In South Africa, the soon-to-be-enacted POPIA is one such example. However, businesses that make use of FDA technologies to manage legal, compliance and fraud risks will be better able to mitigate risks while increasing business transparency."
The report further indicates that SA firms are adopting FDA techniques faster than the global average, with 78% adopting behavioural analytics and 76% adopting social media analytics and 58% venturing into AI adoption.
"FDA has a vital role to play in regulatory compliance, data protection and data privacy. Companies should aim for better integration; leverage the right technologies, data and people; and secure strong leadership support," concludes Lance Poon, Africa director for forensic technology and discovery services at EY.