Survey Finds That Less Than Half of Organizations Have a GDPR Compliance Plan

The findings of research conducted by statistical software giant SAS reveal that just 45% of organizations have developed a structured plan in response to the forthcoming General Data Protection Regulation (GDPR). This puts the majority of organizations in a position that could jeopardize their business operations after the law takes effect.

Worse still, 58% of the leaders confirm that their institutions are unaware of the legal consequences they would face for noncompliance. Failure to know the repercussions of noncompliance, as the study indicates, casts serious doubt on their preparations. Most organizations may not meet the compliance deadline, given that they are unaware of how to become GDPR compliant.

Although most study participants appreciate that the new law will alter their business activities, 42% of them indicate that their companies are not informed of the impact the law will have on their daily operations. Some organizations have made significant strides in creating structured strategies for becoming compliant. However, only 66% of them believe that having such strategies in place would lead to successful compliance. This implies that many organizations lack confidence in their preparations.

Large organizations better equipped for compliance

Large organizations with over 5,000 employees are in a position to gain a competitive advantage over small firms, as they are better equipped to manage the new EU law. In addition, the majority of them (54%) are aware of the impact of the legislation, compared to 37% of small businesses. Organizations with structured processes seem to incorporate different strategies to meet the legal requirements. The study shows that they tend to use external consultations more frequently than companies without structured strategies: only 24% of companies without a structured strategy use external consulting, compared to 34% of those with processes in place.

The study reveals that government agencies are mostly unconcerned with the impact of the GDPR. The majority of them (76%) are not aware of the law’s effects on business. 48% of the interviewees confirmed that retrieving personal data from their databases was a major problem. This finding raises fundamental questions about companies’ ability to fulfill Subject Access Requests as well as the right to be forgotten. In these cases, many companies may still have a long way to go as far as GDPR compliance is concerned. They might have to develop additional tools and processes to satisfy these requirements. According to the study, 58% of the organizations still experience significant challenges with data portability and data erasure.

Financial institutions and large organizations experience the most challenges when it comes to finding stored personal data. These firms need to invest heavily in processes and structures that would enable them to control access to personal data within their organizations. This is important because the new law puts special emphasis on data privacy and sets stringent conditions for handling personal data.

GDPR’s Positive Influence

The majority of the study participants (71%) believe that GDPR will improve data governance. Preparations for compliance will influence IT structures positively in many organizations. According to the research, 37% of the respondents felt that their general information technology expertise would improve in the process of complying with the EU legislation. In addition, several of them think that their image will also be positively influenced.

Organizations believe that customers will be the biggest beneficiaries of the compliance efforts. 29% of the companies indicate that customer satisfaction will be high as a result of organizations’ compliance with GDPR. A similar percentage of companies think that their external value proposition will improve.