How prepared are enterprises for the impending GDPR?

With less than four months until the May 25 effective date for the European Union’s General Data Protection Regulation (GDPR), a bare 6% of enterprises say they are prepared for the upcoming regulation, reveals a new research report issued today from erwin, Inc.

The company’s 2018 report does indicate broader awareness and enterprise focus for data governance, yet challenges remain in terms of understanding, executive support and financing.

Commissioned by erwin through UBM, the reports shows that 98% of respondents view data governance as either important or very important from a business perspective; however, a disquieting 46% don’t have a formal governance strategy in place.

More than one in five (21%) are just getting started, meaning they are in the data discovery and inventory phase, and 63% either don’t have a budget for data governance or don’t know if they have one. At 40% of the organisations surveyed, the IT department continues to foot the bill for data governance expenses.

>See also: A 6-step action plan for complying with GDPR

UBM surveyed North American business technology professionals representing more than 16 sectors, including financial services, government, healthcare, IT and telecommunications, about their attitudes toward data governance. Among the 118 respondents were CIOs, CTOs, data center managers, IT staff and consultants.

“The results of the State of Data Governance Report are validating but also a bit shocking,” explains Mariann McDonagh, CMO for erwin.

“The fact that 94% of organisations are not prepared for what is arguably one of the most important data privacy and security regulations in recent years – with fines up to four percent of their global revenues – is stunning. However, on the flip side, organisations are now finally recognising that governing data assets goes well beyond risk management and compliance. To fully realise the value of its data, an organization needs the ability to discover, understand, govern and socialise data assets beyond IT’s shadow. To mitigate risks and realise the desired business results, data stakeholders across the enterprise must be empowered to act as data citizens, and that includes IT and the business funding an ongoing process.”

The IT department and GDPR

Both IT and the business are responsible for data governance at 57% of the organisations surveyed. Just 34% have put IT solely in charge of data governance.

>See also: Is your business GDPR compliant? Probably not…

The IT department continues to foot the bill for data governance at 40% of organisations. Budget for data governance comes from the audit and compliance function at 20% of organisations, while the business covers the bill at just 8% of the companies surveyed.

Data governance drivers

When asked to identity the top three drivers of data governance initiatives, 60% of respondents say their biggest driver is the need to comply with regulatory mandates.

However, compliance is not the only driver with 49% seeing data governance as a way to improve customer satisfaction, and 45% use it to support better decision-making.

Reputation management and analytics are two other relatively big drivers with 30% and 27%, respectively.

Big data is another big driver with 22% of the responding organisations claiming to have more than 10 petabytes of data under management. One-fifth of respondents say big data is one of the top reasons for implementing a data governance program.

>See also: GDPR – managing your data has just become more important

The report found that 66% of respondents said that understanding and governing enterprise assets has become more important or very important for their executives. For 64%, data assets are somewhat or much more valuable to the organisation than physical assets.

Who is responsible?

68% of respondents point to the CIO as driving the process. At four in 10 – or 39% – the data architecture lead drives data governance activities, at 32% the CEO is the biggest cheerleader, and at 34% the CEO is the one advocating it the most.

Whose ready?

Less than one-third of organisations have a fully implemented data governance program. At 42% of the organisations, data governance is a work in progress.

Most of the enterprises have completed the data discovery phase and are now developing policies and processes, business rules, data definitions and classifications, while 27% have fully connected the enterprise architecture (EA) and data governance functions.

>See also: The General Data Protection opportunity

“The survey presents a cautionary tale about what enterprises need to do in 2018 to move their data governance agendas forward,” adds McDonagh.

“It shows that while the business is beginning to realise the potential of data governance, it is not entirely clear on how to justify the budget or how to move the ball forward. We suggest starting with clear goals about what you want your program to achieve, building a budget to justify it like any other business initiative, educating and involving all data stakeholders, and absolutely getting ready to meet the requirements for GDPR.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...