New Survey Shows U.S. Companies Face Major Challenges Complying with EU General Data Protection Regulations (GDPR)

Identifying All Customer Data, Protection for Test Data Are Main Stumbling Blocks for Mainframe-based Companies

  • 78 percent of U.S. respondents find the complexity of modern IT services makes it difficult to know exactly where all customer data, including personally identifiable information (PII), resides.

  • 39 percent of U.S. respondents do not anonymize or leverage other techniques to depersonalize customer data before using it in application testing environments.

  • U.S. respondents report that a majority of their business data resides on mainframes, making careful data management on these platforms critical for achieving GDPR compliance.

DETROIT, Sept. 13, 2016 (GLOBE NEWSWIRE) -- Most U.S. businesses with European customers are not prepared to comply with recently-approved EU General Data Protection Regulations (GDPR), which include “right to be forgotten,” data anonymizing and customer consent mandates. U.S. companies will face fines or lawsuits from EU citizens or organizations if they don’t fully comply by the May 2018 deadline.

An independent survey of large company CIOs, conducted by Vanson Bourne and sponsored by Compuware, also showed 52 percent of U.S. companies possess data on EU citizens, making them subject to the GDPR. Primary concerns for these companies are the ability to know where customer data is at all times, and proper concealment of customer data used in testing. While the GDPR applies to customer data on all platforms, U.S. respondents with EU data noted an average of 68 percent of that data resides on mainframes.

“Businesses in breach of the GDPR after May 2018 will likely face huge fines and tarnished brand reputation, making compliance an executive-level issue,” said Chris O’Malley, CEO of Compuware. “Mainframes hold huge volumes of personal customer data that organizations must give their highest priority in overall compliance effort, including the use of data visualization and test data privacy solutions.”

Other key findings from U.S. respondents include:

  • Only 39 percent claim they would be able to identify and locate every instance of an individual’s personal data in their systems, in the event of an individual requesting removal
  • 31 percent expressed confidence they’d be able to find most, though not all, instances of personal data
  • 83 percent use live customer data in test systems when testing applications, because they believe the use of live data ensures reliable testing and accurately represents their production environment
  • 83 percent provide customer data to outsourcers for testing purposes and 78 percent agree that outsourcing makes it more difficult to pinpoint instances of customer personally identifiable information (PII)

  • 71 percent believe the emergence of mobile technologies is one factor making it more difficult to track customer data as it moves through the enterprise

GDPR regulations are designed to protect EU citizens’ ”right to be forgotten.” Any company with European customer data, regardless of its country of origin, must demonstrate its ability to remove every instance of customers’ PII across all systems or platforms at the customer’s request. The GDPR also demands customer data used in processes like application testing be masked to protect identities, even data shared with outsourcers, developers and testers.

Data visualization tools on mainframe systems can help IT administrators easily see and understand the complex interdependencies between various applications and databases. Organizations with mainframes can use these tools to better understand where customer data travels and resides, in order for it to be deleted in accordance with customer privacy requests. Test data privacy solutions can be used to disguise sensitive customer data throughout the application testing process. With more modern transactional applications (particularly mobile) ultimately connecting through the mainframe—and with DevOps and agile approaches increasing the pace and frequency of software roll-outs—proper protection of this test data becomes crucial.

“There are many important and valid reasons for U.S. companies to re-invest in advancement of their mainframe applications—including its ceaselessly growing importance to the business as the system-of-record for mobile, web, social, and IoT applications,” continued O’Malley. “Looming EU GDPR deadlines, however, make it particularly urgent that mainframe owners take action ASAP to both improve their mainframe data governance capabilities—especially when it comes to tracking and anonymizing test data—while also integrating mainframe data and application management as much as possible with the rest of the enterprise environment.”

For more details, read the full copy of the survey with analysis.

Compuware Corporation
Compuware empowers the world’s largest companies to excel in the digital economy by fully leveraging their high-value mainframe investments. We do this by delivering highly innovative solutions that uniquely enable IT professionals with mainstream skills to manage mainframe applications, data, and platform operations. Learn more at

Follow us on:

Press Contact
Kristina LeBlanc, The Medialink Group,, (508) 930-5636
Mary McCarthy, Public Relations Manager, Compuware,, (313) 227-7088.

For Sales and Marketing Information
Compuware Corporation, One Campus Martius, Detroit MI 48226, 800-521-9353,

Copyright © 2016, Compuware Corporation. All rights reserved. The Compuware products and services listed within this release are trademarks or registered trademarks of Compuware Corporation.