Japanese companies sluggish to get compliant with new EU data secrecy laws: Reuters poll

JUNE 23, 2018


About a quarter of Japanese companies have made progress on meeting a few of the easier requirements under Europe’s new data secrecy rules while about another 20 percent plan to do so, a Reuters survey found.

However, the number of firms who say they are presently prepared to cope with more difficult laws, such as those pertaining to data breaches and coping with requests to provide private data to clients – drops radically to just some.

The outcomes of the Reuters Corporate Survey, carried out June 4-15, indicates just modest progress by Japanese companies in their efforts to deal with the new European Union General Data Protection Regulation, or GDPR, which took effect last month.

The laws, intended to safeguard the online data of European people, apply to all companies that provide goods and facilities within the union, irrespective of whether they have incorporated units. Breaches can cause fines of up to 4 percent of global income or 20 million euros, whichever is higher.

The survey, carried out for Reuters by Nikkei Research, indicated that 26 percent of companies have updated data secrecy plans to take into account requirements like the need for clear language and the seeking of positive approval, often effectively an opt-in email.

Eight percent said they are working on the problem while another 15 percent say they intend to.

Similar numbers might also be seen in reply to a query concerning whether firms have generated the post of data safety officer or if they have appointed somebody particularly responsible for data safety.

Some 539 big and medium-sized companies were surveyed in the survey. About 215 replied to queries concerning GDPR, replying incognito so they can convey views more freely.

A lot of companies noted they didn’t believe the laws would directly affect them as they didn’t do business in Europe.

Some laws are, however, proving harder to meet than others.

Only 7 percent of firms stated they were presently in a situation to abide by a law requiring them to inform authorities of the data breach within 72 hours of becoming conscious of a breach and to inform people affected by a high-risk breach without unnecessary delay.

Ten percent said they were working on it whereas another 25 percent said they plan to.

A similar tendency might be seen with the law requiring firms to provide private data free to EU clients should they request it.