According to findings from The Veritas 2017 GDPR Report, almost one-third (31 per cent) of respondents said that their enterprise already conforms to the legislation’s key requirements. However, when those same respondents were asked about specific GDPR provisions, most provided answers that show they are unlikely to be in compliance. In fact, upon closer inspection, only two per cent actually appear to be in compliance, revealing a distinct misunderstanding over regulation readiness.
“With the EU’s General Data Protection Regulations (GDPR) less than one year away, organisations around the world are deeply concerned about the impact that information non-compliance can have on their brand and loyalty of their customers,” said Jason Tooley, Vice-President, Northern Europe, Veritas.
The findings from the report show that almost half (48 per cent) of organisations who stated they are compliant do not have full visibility over personal data loss incidents. Moreover, 61 per cent of the same group admitted that it is difficult for their organisation to identify and report a personal data breach within 72 hours of awareness – a mandatory GDPR requirement where there is a risk to data subjects. Any organisation that is unable to report the loss or theft of personal data – such as medical records, email addresses and passwords – to the supervisory body within this timeframe is breaking with this key requirement.
The findings in this report suggest that organisations that think they are already compliant with the GDPR should revisit their compliance strategies. Failure to meet GDPR requirements could attract a fine of up to four percent of global annual turnover or €20 million, whichever is greater.
Tooley added: “The results today show that more education is needed on the tools, processes and policies to support information governance strategies that are required to comply with the GDPR requirements. Creating an automated, classification-based, policy-driven approach to GDPR is key to success and will enable organisations to accelerate their ability to meet the regulatory demands within the short timeframes available.”