Most Organizations Lack Structured Strategy for GDPR Compliance

The General Data Protection Regulation (GDPR) is set to take effect in 2018. This means that organizations will be held accountable for personal data protection. Only 45% of organizations have the necessary mechanisms for compliance, according to research conducted by SAS.

The findings revealed that a majority of organizations, 58%, lack information about the repercussions of noncompliance. Arturo Salazar from SAS asserted that a significant number of organizations are unaware of the process to become GDPR compliant. In that regard, organizations are advised to begin with a solid data management strategy to establish technologies and policies. This will enable them to understand where their data is stored and who can access it.

The survey conducted by SAS underscored several key points. They included:

  • A significant share of study participants, 42%, felt that their organizations lack critical information about the impact of GDPR. However, they feel that it will have a substantial impact on their organizations.
  • Many organizations lack the expertise to determine if they are GDPR compliant. According to the survey, only 45% have established structured processes to comply with the GDPR. However, only 66% of these organizations believe that such procedures will ensure successful compliance.
  • Large organizations with over 5,000 employees are better equipped to manage GDPR than small organizations. The research findings showed that 54% of large organizations have sufficient information regarding the impact, compared to just 37% of small organizations.
  • A small proportion of organizations, 24%, employ an external consulting strategy in a bid to become GDPR compliant. Institutions with an established structured process tend to use the external consulting strategy often.
  • Most government organizations are unaware of the GDPR’s impact. Just 26% are aware, according to the study results, the lowest of all the industry segments.

The study further indicated that 48% of the participants find it challenging to locate the personal data stored in their databases. Specifically, large institutions and financial organizations experience more problems when finding personal data. In such a scenario, complying with the GDPR becomes even more difficult. In addition, the survey reveals that controlling access to personal data is an issue. It is estimated that 58% encounter serious challenges in handling data portability and the right to be forgotten.

Despite the challenges, most respondents, 71%, believe that their data management will improve. 37% indicated that compliance with GDPR regulations would lead to improvement in their general IT capabilities, while 29% also feel that it will positively influence consumer satisfaction and their external value propositions. In addition, 30% indicated that GDPR compliance has a positive impact on their image.