GDPR Readiness?: 62% of businesses at high risk of non-compliance

Compuware Corporation, the mainframe-dedicated software company, has released new research revealing that, despite making progress over the past 12 months, the majority of European and US businesses are still inadequately prepared to comply with the new EU General Data Protection Regulation (GDPR), due to be enacted next year.

While the majority is still at high risk, GDPR readiness has generally improved, with 67% of European organisations stating they are well-briefed on the GDPR and the impact it will have on the way they handle customer data; an improvement from 55% when the same question was asked last year.

Of the 94% of US organisations that possess European customer data, 86% claim to be well briefed on the GDPR and its impact on the way they handle that data; a significant rise from the 73% who responded affirmatively when asked the same question last year.

>See also: UK financial institutions are unprepared for MiFID II legislation

Only 38% of all respondents have a comprehensive plan in place for how they will comply with GDPR, leaving the majority at risk for non-compliance fines. This is only a slight improvement from the 33% who had a comprehensive plan in place last year.

However, the findings revealed that US organisations are better prepared for the EU GDPR than their European counterparts. 60% of US respondents with European customer data said they have a detailed and far-reaching plan in place, marking a slight rise from 56% that had plans last year. The UK was least prepared, with just 19% of organisations having a detailed plan in place, rising only slightly from 18% when the question was asked last year.

“Businesses are clearly heading in the right direction on GDPR compliance, but there is still a long way to go in a very short timeframe,” said Dr Elizabeth Maxwell, PDP, technical director, EMEA, Compuware. “UK businesses may be behind due to initial uncertainty over the impact of Brexit. But any organisation doing business in Europe will need to fall into line by the May 2018 deadline. Failure to comply could lead to devastating consequences should a data breach occur, something all too common given the growth of cybercrime and insider threats.”

>See also: GDPR compliance: what organisations need to know

Compliance hurdles

Identifying the areas of biggest concern, 56% of all respondents said that data complexity and ensuring data quality are the two biggest hurdles they will need to overcome to achieve GDPR compliance.

In addition, 75% of organisations said the complexity of modern IT services means they can’t always know where all customer data resides, whilst just over half (53%) said they could locate all of an individual’s data quickly, as will be required to comply with the “Right to be Forgotten” mandate included within the GDPR. Most worryingly of all, nearly a third (31%) admitted that, at present, they couldn’t guarantee they would be able to find all of a customer’s data.

>See also: Companies ‘at risk’ from negating resource compliance

“It will be impossible to comply with the GDPR’s Right to be Forgotten if organisations can’t find customer data,” continued Maxwell. “Due to its security and scalability, most large organisations store most of their customer data on the mainframe. This data usually resides in a complex rabbit warren of databases spanning multiple systems, and organisations use manual, time-consuming methods to find and extract it. Businesses need an automated way to map and visualise data relationships, so they can quickly find the specific and relevant data and delete it, without needing specialist skills.”

Commissioned by Compuware and conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies covering a cross-section of vertical markets in France, Germany, Italy, Spain, the UK and the US.

 

The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

GDPR