Mike Wake, Head of Data Management, SAS UK & Ireland.

The General Data Protection Regulation (GDPR) will go into effect in 2018, making organisations accountable for personal data protection, including how and where data is stored and how it is processed within the organisation. However, according to a new survey from SAS, fewer than half (45%) of organisations surveyed have a structured plan in place for compliance, and more than half (58%) indicate that their organisations are not fully aware of the consequences of non-compliance.

“With the masses of information on GDPR currently in the public sphere, companies generally know what it is they have to do to prepare for the upcoming regulations,” said Mike Wake, Head of Data Management, SAS UK & Ireland. “They need to properly assess all their risks, mitigate the risks they uncover and be able to demonstrate what action they have taken to achieve this. The challenge is they often don’t know where to start because of the scale and complexity of the task. Companies cannot get the assurance needed that what they are doing is definitely the right course of action because while the regulations set out what needs to be done they do not prescribe how you go about it. Compliance will be painful for many and individual teams don’t want to be the ones causing unnecessary delay and disruption.”

The SAS survey reveals:

  • Most respondents feel that GDPR will have a large impact on their organisation. However, many respondents (41%) indicate that their organisations are not fully aware of this impact.
  • Only 45% of organisations have a structured process in place to comply with GDPR, but of those only 66% think that this process will lead to successful compliance. In fact, many admit that they do not know how to determine if they are GDPR compliant.
  • Unsurprisingly, large organisations (5,000 employees+) are better equipped to handle GDPR with 54% being fully aware of the impact, compared to just 37% of small organisations.
  • Only 24% make use of external consulting to become GDPR compliant, but those with a structured process in place use external consulting more often (34%).
  • Just 26% of government organisations are aware of the impact of GDPR, the lowest of any industry segment.

Data portability and the right to be forgotten

Under the GDPR, individuals have the right to request that their personal data be erased or ported to another organisation. This brings up questions about the tools and processes organisations need to have in place. For 48% of the respondents, it’s a challenge just to find personal data within their own databases (copied data sets, CRM data, etc.). In these cases, complying with GDPR regulations will be an even more serious task.

Of the surveyed organisations, 58% have problems managing data portability and the so-called right to be forgotten. Controlling access to personal data is also a serious challenge. Large organisations and financial institutions have more difficulty finding stored personal data than other organisations.

Benefits of GDPR

When asked about potential benefits of the GDPR, 71% believe that their data governance will improve as a result. The survey also showed that 37% of organisations think that their general IT capabilities will improve as they seek to comply, and 30% agree that complying with the GDPR will improve their image. Furthermore, organisations believe that customers will reap the rewards of compliance efforts. The survey shows that 29% of organisations think customer satisfaction will be higher as they work toward GDPR compliance. Another 29% say their organisations’ external value propositions will improve.

 

 

by Bill Boyle
IBS Intelligence Senior Editor