Organisations failing fundamental preparation for GDPR as May deadline looms

Study finds that only 11% even understood what constituted personal data within their organisation.

  • 6 years ago Posted in
A huge majority of organisations around the world are failing to make even fundamental GDPR preparations, according to the findings of a globally sourced survey by Commvault; with only 12% saying they are ready for implementation next May.
 
Key to compliance with GDPR are several fundamental data management and access requirements placed on all organisations across the EU, as well as those beyond, dealing with EU customer data, which comes into effect on May 25 2018.
 
The survey revealed some stark findings in regards to the specific management of individual’s personal information, with only 18% of organisations surveyed stating that they had the capability to delete data on request from all data stores.  Only 9% believed they could effectively anonymise their data when required, and fewer still believed they would be able to collate and move data to another organisation at an individual’s request (8%).
 
In regard to other personal data management critical to GDPR requirements, such as ‘The Right To Be Forgotten’, only 16% of organisations polled said they were confident that they could immediately find data related to specific individuals. 36% indicated that it would take hours to collect this data; 25% said it would take days, 18% said it would take weeks and 5% actually admitted that there was no way they could find this data, rendering not just GDPR compliance, but also ‘The Right To Be Forgotten’ entirely ineffective.
 
Furthermore, the study revealed that 89% of organisations and IT personnel admit to still being confused by key elements of the regulation, revealing considerable gaps between current knowledge, and the required fundamental implementations required to establish a data management strategy to enable GDPR compliance:
 
·      Only 21% feel they have a good understanding of what GDPR means in practice
·      Only 18% said they understood what data their company has and where it lives
·      Only 17% understood the potential impact of GDPR on the overall business
·      Only 12% understood how GDPR would affect cloud services
·      Only 11% said they understood what constituted personal data
 
“As a result of this lethargy, it is highly likely that we will see a number of high profile organisations hitting the headlines for contravening GDPR soon after it comes into effect next May, mainly due to a lack of understanding of the data they hold and its relationship to GDPR,” said Nigel Tozer, solutions marketing director, EMEA, Commvault.
 
“Becoming GDPR compliant is not simply a matter of flicking a switch. If organisations are to avoid the risk of fines, or a ban on processing personal data, in addition to potentially crippling damage to brand identity, companies need to act. Unfortunately, there is still a big disconnect between business and IT leadership on GDPR, with the business thinking there is a switch to flick, and IT still thinking it’s a business process problem. 
 
“The truth is that realigning IT processes around personal data can actually help with digital transformation or modernisation programs, and changes to get in line with GDPR could reduce overall budget share on both programs. This sort of alignment can deliver many efficiencies and business benefits, but if not dealt with now, organisations will not be ready for May the 25th,” finished Tozer.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...