The General Data Protection Regulation (GDPR) is just around the corner, but recent surveys show that organisations are ill-prepared for its implementation. Exchange Wire interviewed a selection of data professionals, and while 32% said they understood the new regulations fully, only 3% could actually talk about what is covered by GDPR.
This is a strikingly low figure, and it is worrying because professionals seem to believe their awareness levels are higher than they actually are. This apparent lack of preparation is borne out by other surveys.
Lack of preparation for GDPR is widespread
McAfee found that while 25% of organisations that responded to its survey had been preparing for GDPR for three or four years, this meant that 75% were way behind in the preparation stakes. Research by the Compliance, Governance and Oversight Council (CGOC), based in Austin, Texas, suggested that only 6% of the professionals it surveyed felt that they and their organisations were prepared for the new legislation.
Not All Bad News
The apparent lack of preparation is cause for concern, given that the new GDPR regulations commence on 25 May, 2018. But some survey results suggest a more positive picture. Research by TrustArc (formerly TRUSTe) and the International Association of Privacy Professionals (IAPP) was aimed at identifying specific areas of risk associated with the new rules. Overall, 84% of respondents in the US said they felt ready for the changes, although the figure fell to 75% for respondents within the EU. It’s also interesting to note that professionals who felt that GDPR to did apply to them did not respond.
Those who did respond identified investment in training as the main tool for mitigating risk. Given the figures reported in most surveys, it seems as though this type of training is vital if organisations are going to successfully implement the new regulations.