TECH SUPPLIER Sep 2018 - Market Presentation - Doc # AP43913418
Why Should Enterprises in Asia Care About EU's GDPR?
In today's digital era, data has often been touted as the "new currency," the "oil" and "lifeblood" of enterprises that offers differentiated value and a new source of revenue. European Union (EU)'s General Data Protection Regulation (GDPR) is a new regulation that took almost four years' discussion and was enforced on May 25, 2018. The GDPR has set a high bar when it comes to data protection compliance, emphasizing the digital rights of citizens in an age when the economic value of personal data is rapidly increasing in the digital economy. The strict data protection compliance is not only reflected by the hefty fine (i.e., up to 4% of global revenue or 20 million euro, whichever is greater), but also by the principle on data minimization, data protection by design, and mandatory data breach notification within 72 hours.
The new regulation is directly relevant to an Asia/Pacific (AP) organization if it has business presence in Europe (which suggests its operations there are likely to be classified as a "data controller"), and even when the organization has no business presence in Europe but sells to EU residents and collects data from them (including through web or data intermediaries) as part of normal business operations (which is very likely to be classified as a "data processor"). Data controllers and data processers are the most affected parties under the GDPR.
IDC observed that the past five years (2013–2018) marked many regulators across Asia/Pacific taking actions in reviewing and updating their respective country-specific data protection regulations to keep up with the changing technology landscape. It is very likely that governments such as Singapore, Australia, and Hong Kong will follow suit by adopting many of those principles used in GDPR in their respective local regulations.
This market presentation covers the following questions:
- What is the impact of GDPR on technology?
- What are the similarities and differences between GDPR and country-specific personal data protection regulations in Asia/Pacific and industry standards such as ISO 27001?
- What are the attitudes of organizations across industry verticals in Asia/Pacific (excluding Japan) (APEJ) toward GDPR?
- What types of vendors should organizations in Asia/Pacific work with on GDPR requirements?
- What are IDC's recommendations to security technology vendors regarding GDPR and to technology buyers in Asia/Pacific?
Veritas Technologies LLC, OneTrust LLC, CLEO COMMUNICATIONS, INC., Checkpoint Systems, Inc., AvePoint Inc., TrustArc Inc., HelpSystems, CA Technologies, Inc., Privaon Oy, Citrix Systems, Inc., BMC Software, Inc., Ipswitch, Inc.