Recent GDPR compliance research published by Veritas has revealed that companies across the globe have an acute lack of awareness of the impending obligations that come with the new GDPR.
The report highlights that about one-third of all survey respondents claim that their company is GDPR ready. However, when the same respondents were asked about specific provisions of GDPR, most were unable to provide answers to support their compliance. When the researchers probed the respondents further, only an estimated two percent of companies seem to comply with GDPR.
The data was gathered from 900 business leaders from countries such as the US, the UK, France, Germany, Australia, Singapore, Japan and the Republic of Korea. 61% of the respondents admitted that their organisation struggles to identify and report data breaches within 72 hours of awareness. This 72-hour rule is a mandatory requirement of GDPR when there is a risk to data subjects. Any organisation that can’t report the theft or loss of personal data, such as email addresses, medical records, or passports, to supervisory bodies within the deadline could be breaking essential requirements. The new 72-hour rule means that companies will be susceptible to the massive GDPR fines of either 20 million euros or four percent of their annual turnover.
Commenting on the research, Mike Palmer, executive vice president and chief product officer at Veritas, stated that GDPR dictates that multi-national corporations should take data management seriously. The latest findings show confusion, however, over what’s needed to comply with the regulation’s mandatory provisions. With the deadline date looming ever closer, these misconceptions need to be dealt with quickly.
The results suggest that more accurate training is required around the processes, tools and policies of GDPR, to support information governance strategies needed for compliance.