CA Technologies Study Highlights Gaps In Use Of Personal Data In Evolving Regulatory Landscape

A study commissioned by CA Technologies (NASDAQ: CA) found that current application test data management practices are not adequate to meet the compliance requirements of the EU General Data Protection Regulation (GDPR). In fact, only 31 percent of respondents believed that their organizations' current testing practices fully comply with the GDPR, which will affect any business that handles European personal data.

"With businesses across all industries increasingly expanding their global presence, the impact of new regulations such as the GDPR is going to be felt more quickly and intensely than many realize," said Jeff Scheaffer, general manager, Continuous Delivery, CA Technologies. "GDPR's definition of personal data, combined with high fines - €20 million or 4 percent of an organization's global annual revenue, whichever is greater - should put IT and application teams on high alert to safeguard personal data across both development and testing environments."

In the study titled " EU General Data Protection Regulation: Are you ready for it?," the majority of respondents were not completely confident that their organization could meet two of the key provisions of the GDPR known as the "Right to be Forgotten" and the "Right to Data Portability." When it came to identifying, erasing and providing customers with their data:
  • Only 33 percent were very confident that every piece of customer data could be identified promptly across all systems and applications.
  • Only 34 percent are completely confident that their organization can erase every instance of a customer's (test) data without delay.
  • Less than half (43 percent) would be fully able to provide a customer with their data in a format accessible by them and transmissible to other formats, and
  • A surprising 10 percent currently say that they cannot do this at all.

The study also found that organizations will need to change core processes with more than 90 percent of respondents reporting that the regulation will impact how they collect, transfer, use, process, store and send/receive personal data outside the EU. The top technological challenges identified by 88 percent of survey participants as a potential risk to GDPR compliance include:
  • sensitive data stored inconsistently (54 percent)
  • multiple copies of production data stored across the corporate network (48 percent)
  • technical debt or poorly understood data models (30 percent)
  • ad hoc sharing of test data across personal test machines (25 percent)

To meet the GDPR's May 25, 2018 deadline, almost nine in ten (89 percent) businesses stated that they need to invest in new technologies and services that include encryption (58 percent), analytic and reporting (49 percent) and test data management (47 percent) technologies.

If you liked this article you might like

CA Stock Sliding as BMC Software Merger Talks End

CA Inc. Stock Surging on Potential BMC Software Deal

Intermediate Trade: CA

Asset Sales and Restructuring in the Cards at NRG Energy After Elliott Deal

Cisco Just Added a Huge Piece to Its Software-Driven Transformation Strategy