IT decision-makers across the globe still largely remain confused over the type of data that constitutes personally identifiable information (PII) under the EU's General Data Protection (GDPR) requirements that take effect on May 25, according to a Trend Micro survey released this week.
The survey of 1,132 IT decision makers across the globe revealed 64% of the respondents didn't realize customers' birthdates are considered PII; 42% would not tag email marketing databases as PII; 32% would not place physical addresses into a PII category; and 21% would do likewise for customers' email addresses, too.
Despite this knowledge gap, 85% of survey respondents say they have reviewed the GDPR requirements and 79% are confident their data is secure. Under the GDPR, all companies doing business in the EU will be required to adhere to new consumer privacy requirements and provide their customers with more control over the way their information is collected, disseminated, retained, and destroyed.
Companies that violate the GDPR may face a fine of up to 4% of their annual revenue or 20 million euros. Two-thirds of IT executives surveyed, however, appear dismissive regarding the potential GDPR penalties that could be levied for failing to meet the requirements, the survey found.
Read more about the survey results here.