Large firms name their three top GDPR obstacles

Surprise! They all deal with data

Large UK businesses have called data sprawl as of the most significant challenges they face as they attempt to prepare for the General Data Protection Regulation (GDPR). An exercise found that these businesses work with end users data on around 24 different systems and on average share it with around 48 other companies.

A survey commissioned by Citrix questioning 500 IT leaders showed that the huge amount of personal data businesses must deal with along with the uncertainty over data ownership, are two of the more challenges facing large companies (250+employees)

Whilst the average is around 24, 1 in 5 large businesses say they use more than 40 systems to manage their customer’s personal data. In addition, 47% of respondents did admit to sharing this data with other companies: half mentioned they share information with more than 50 external businesses.

Surprisingly most of the respondents felt quite confident they were able to keep control over the large amount of data shared, only 15% felt they had lost ‘a degree of control’ once it had been shared.

Information everywhere

On average a large business collates information from around 577 individuals each day, however, 26% said they collect information from more than 1,000 people over the same time frame, this results in massive amounts of information which they find difficult to process.

That said, 40% of respondents advised Citrix not all of the data they store is used, with 8% advising they never use any of it.

Even if they didn’t do anything with it, nearly 60% of companies store personal data for more than 12 months and 25% storing if for over 5 years, knowing where this data is and having the ability to access it is a KEY requirements for GDPR compliance.

Divided on data ownership

There are many questions and disagreements on ownership of data, 50% of businesses think it is owned by the business and only 27% think it is owned by the customer.

Understanding who owns data is another crucial part of the GDPR process, not surprisingly 38% of respondents do not feel they are ready. 2 lots of important information is being fed back by businesses, 1) They say current control access policies are not sufficient to comply with regulation or 2) Admitting honestly they have ‘no idea’ whether they can comply.

Around 52% or large companies perform data privacy impact assessments for ‘all or most’ of the personal data they hold, this is a very important step towards implementation of data privacy policies.

To ensure these are in place it needs for businesses to know where their data along with who can access it, however lots of companies are losing the visibility that they need along with struggling to store data.

GDPR strives to protect yours and your customer’s personal information in this new digital age.

entrustIT can provide the resource, consultancy and implementation your organisation needs to ensure you are fully compliant.

The white paper below aims to cut through the noise, explain the regulation and pull out the salient points for SMEs, and or give us a call and we can talk you through this:- 0330 002 0045.

http://www.entrustit.co.uk/essentialgdprwhitepaper/