According to the latest data from Veritas research, organisations throughout the world may be mistaken when they claim to be in compliance with the upcoming GDPR (General Data Protection
Regulations). The GDPR report for 2017 revealed by Veritas claims that about one third of all respondents consider their enterprise to be GDPR ready, according to the key requirements of the regulations. However, when asked about specific provisions for GDPR, most of the same respondents were unable to offer answers that support their compliance.
Once inspected, only two percent of the companies surveyed seemed to actually be in compliance with GDPR. That means that today’s companies aren’t just drastically unprepared, they also don’t completely understand what regulation readiness looks like.
Are You Really Ready for GDPR?
The latest results are worrying, particularly when you consider the fact that the GDPR is less than a year away; coming into force 25th May 2018. Organisations around the world should be focused on the impact that non-compliance with information standards could have with their business and brand loyalty.
The Veritas study indicates that 48% of companies who claimed to be compliant don’t have total visibility over their personal data loss incidents. On top of that, 61% of that same group admitted that their organisation struggle to identify and report data breaches within 72 hours of awareness. This is a mandatory requirement for GDPR when there is a risk to data subjects.
Any organisation that can’t report the theft or loss of personal data, such as email addresses, medical records, or passports to supervisory bodies within the correct deadline could be breaking key requirements. This means that they would be susceptible to the huge GDPR fines of either 20 million in euros, or four percent of their annual turnover.
Better Knowledge is Needed
The results suggest that more education is required on the processes, tools and policies of GDPR, to support information governance strategies required for compliance with GDPR requirements. Creating classification-based, automated, and policy-driven approaches to GDPR is essential to success, and should enable organisations to accelerate their ability to meet with the regulatory demands set out, before the impending deadline.
