Only one-in-five major organisations confident they will be ready for GDPR

November 28, 2017

Data sprawl is a significant challenge for multi-nationals.

It has been reported recently that around 38% of companies do not think they will be ready for the GDPR by Mary 2018. Technology Law Alliance are a law firm, there research shows that less that one in five large enterprises are “highly confident” they will achieve compliance in time for when new regulations comes into effect.

TLA’s co-founder, Jagvinder Kang, said: “On the face of it, this seems to be a shocking figure, but it can be understood if you consider the challenges which organisations are facing.”

The survey shows there are two main factors which is hindering companies in achieving compliance, they are a) wide variety of systems that data is store on and b) the lack of internal resources and knowledge about the GDPR.

Cloud technology has certainly eased some IT pressures, however where GDPR is concerned it has created a new set. Using the cloud to store data can make it difficult to know where it is physically located and builds up the problem of shadow IT which can lead to more systems not talking to each other. Do bear in mind that GDPR requires data about European citizens to remain within Europe.

The lack of compliance confidence is, says Kang, not drawing the attention of Board members as it should be. Just over half (51 per cent) of organisations said that they were holding regular Board-level reporting about GDPR readiness: a figure that Kang called “alarming – especially as the survey responses showed that 78 per cent of organisations regarded GDPR compliance as more important than other compliance programmes.”

With regards to preparation, roughly nine in 10 respondents have advised their organisations are mapping data or involved in some form of data flow activity so they can locate the personal data they hold, only 41% had an actual plan for GDPR compliance.

Kang said, “Organisations need to be wary about just undertaking resource-intensive work on data mapping, without thinking about what they are going to do with the output of it, and how the activity is going to move them to compliance. Unfortunately, too many organisations are treating the data mapping as an end in itself, when in reality it’s just the start of what could be a very long journey.”

Technology Law Alliance surveyed over 100 UK and multi-national firms, most of them had more than 1,000 employees and a £100 million+ turnover.