Only one-in-five major organisations confident they will be ready for GDPR
Data sprawl is a significant challenge for multi-nationals
Yesterday, we reported that 38 per cent of firms don't think that they will be ready for the GDPR by March 2018. Following on from that, law firm Technology Law Alliance has told us that its research shows that fewer than one in five large enterprises are ‘highly confident' that they will achieve compliance by the time that the new regulation comes into effect.
TLA's co-founder, Jagvinder Kang, said: "On the face of it, this seems to be a shocking figure, but it can be understood if you consider the challenges which organisations are facing."
The firm's survey shows that dealing with the wide variety of systems that data is stored on, as well as a lack of internal resources and knowledge about the GDPR, are the main factors standing in the way of large organisations' compliance.
Cloud technology has eased some IT pressures, but when it comes to the GDPR it has created a whole new set. Storing data in the cloud makes it difficult to know where it is physically located (the GDPR requires that data about European citizens remain within Europe) and enhances the problem of shadow IT, which can lead to more siloed systems.
The lack of compliance confidence is, says Kang, not drawing the attention of Board members as it should be. Just over half (51 per cent) of organisations said that they were holding regular Board-level reporting about GDPR readiness: a figure that Kang called "alarming - especially as the survey responses showed that 78 per cent of organisations regarded GDPR compliance as more important than other compliance programmes."
In terms of actually preparing, around nine in 10 respondents said that their organisations are mapping data or otherwise involved in some sort of data flow activity, to locate the personal data that they hold; but only 41 per cent had an actual plan for GDPR compliance.
Kang said, "Organisations need to be wary about just undertaking resource-intensive work on data mapping, without thinking about what they are going to do with the output of it, and how the activity is going to move them to compliance. Unfortunately, too many organisations are treating the data mapping as an end in itself, when in reality it's just the start of what could be a very long journey."
TLA surveyed over 100 UK and multi-national firms, mostly with more than 1,000 employees and a £100 million+ turnover.