Nearly a third of organisations still not GDPR ready
A survey gas revealed that some 28% of organisations do not feel completely compliant with the EU’s General Data Protection Regulation (GDPR).
The UK was amongst the first countries to introduce GDPR-aligned data protection legislation, so any organisations that are not GDOR-compliant are likely to be not fully compliant with the UK Data Protection Act 2018.
Almost a fifth of respondents are not confident they will pass their first GDPR audit, according to the survey by security firm Impeva conducted among attendees of Infosecurity Europe in London, almost two weeks after the GDPR compliance deadline on 25th May.
Less than half of the respondents said they were very confident they would pass the audit and just over one-third said they were somewhat confident.
Terry Ray, Chief Technology Officer at Imperva, said: “The deadline has now come and gone, yet the study shows that many organisations aren’t sure they have achieved GDPR compliance.
“Any company that put GDPR off until the last minute now realises compliance cannot be achieved overnight. It does not surprise me that many organisations feel unsure about the idea of a GDPR audit. The truth is many would fail.”
To assess organisations’ ability to respond to requests by data subjects exercising personal data rights under the GDPR, the survey asked if respondents knew where all personal data resided on their systems.
While more than a third of respondents said they did know the location of the data, more than half said they would need an extra three months to their house in order.
However, according to Stewart Room, data protection lead at PwC in the UK and globally, data breach notification is another key area that needs attention.
He said that despite having a two-year grace period until 25th May 2018 to prepare for the GDPR, many organisations did not appear to have matured their data breach notification processes over that time.Return to internet news headlines
View Internet News Archive