More than half of organizations have failed to begin any work on meeting minimum General Data Protection Regulation (GDPR) compliance, according to a study conducted for Veritas Technologies by Vanson Bourne.
Intended to harmonize data security, retention and governance legislation across European Union (EU) member states, GDPR requires greater oversight of where and how sensitive data—including personal, credit card, banking and health information—is stored and transferred, and how access to it is policed and audited by organizations. GDPR will not only affect companies within the EU, but extend globally to the U.S. and other countries, impacting any company that conducts business in the region or with an EU organization.
The research findings from The Global Databerg Report, which surveyed more than 2,500 senior technology decision makers in 2016 across Europe, the Middle East, Africa, the U.S. and Asia Pacific, reveal 54 percent of organizations have not advanced their GDPR compliance readiness.
With a quarter of the EU’s grace period over before the legislation takes effect in May 2018, the responses bring into focus a number of operational, compliance and planning issues, in particular the ownership of GDPR processes and the ability to implement data cleansing policies and end of life requirements.
Unclear Executive Ownership of GDPR
Findings from the research revealed a lack of preparedness for GDPR and confusion over who is ultimately responsible for its adherence and compliance. Almost one-third, or 32 percent, of survey respondents believe the Chief Information Officer is responsible for GDPR, compared to 21 percent for the Chief Information Security Officer, 14 percent for the Chief Executive Officer and 10 percent for the Chief Data Officer.
According to the survey, those individuals responsible for implementing a GDPR process also face a variety of risks if data is not handled properly. Just under one third, or 31 percent, of respondents were worried about reputational damage to their organizations from poor data policies, while almost 40 percent were fearful of a major compliance failing within their business.
Data Pressure Points
Fragmentation of data and loss of visibility are among the biggest data challenges organizations face, making it more difficult to comply with GDPR regulations. An estimated 35 percent of those surveyed flagged this issue as their biggest concern. In particular, the rise of unmanaged cloud-based file storage and consumer file-sharing services in the enterprise raised fears about future compliance issues.
A quarter of respondents admitted to using cloud-based services, such as Box, Google Drive, Dropbox, EMC Simplicity or Microsoft OneDrive, against their current company policies. Another 25 percent reported running unrecognized off-site file storage services, making it even harder for IT departments to manage their use with recognized tools.