Global survey shows that 89% of organisations are still confused by GDPR

Although the implementation of GDPR is less than six months away, a huge majority of organisations around the world are failing to make even fundamental GDPR preparations, according to the findings of a globally sourced survey by Commvault, with only 12% saying they are ready for the implementation.

The regulation comes into effect on May 25 2018, and organisations across the EU, as well as those beyond it that deal with EU customer data, will have to comply with the new guidelines. These place several fundamental data management and access requirements on organisations.

Commvault’s survey revealed some glaring findings with regard to the management of an individual’s personal information. Only 18% of organisations surveyed stated that they had the capability to delete data on request from all data stores. Just 9% believed they could effectively anonymise their data when required, and fewer still (8%) believed they would be able to collate and move data to another organisation at an individual’s request.

With regard to other personal data management capabilities critical to GDPR requirements, such as ‘The Right To Be Forgotten’, only 16% of organisations polled said they were confident that they could immediately find data related to specific individuals. 36% indicated that it would take hours to collect this data, 25% said it would take days, 18% said it would take weeks, and 5% admitted that there was no way they could find this data, rendering not just GDPR compliance, but also ‘The Right To Be Forgotten’ entirely ineffective.

Furthermore, the study revealed that 89% of organisations and IT personnel admit to still being confused by key elements of the regulation, revealing considerable gaps between current knowledge and the fundamental implementations required to establish a data management strategy that enables GDPR compliance:

  • Only 21% feel they have a good understanding of what GDPR means in practice
  • Only 18% said they understood what data their company has and where it lives
  • Only 17% understood the potential impact of GDPR on the overall business
  • Only 12% understood how GDPR would affect cloud services
  • Only 11% said they understood what constituted personal data.

“As a result of this lethargy, it is highly likely that we will see a number of high profile organisations hitting the headlines for contravening GDPR soon after it comes into effect next May, mainly due to a lack of understanding of the data they hold and its relationship to GDPR,” said Nigel Tozer, solutions marketing director, EMEA, Commvault.

“Becoming GDPR compliant is not simply a matter of flicking a switch. If organisations are to avoid the risk of fines, or a ban on processing personal data, in addition to potentially crippling damage to brand identity, companies need to act. Unfortunately, there is still a big disconnect between business and IT leadership on GDPR, with the business thinking there is a switch to flick, and IT still thinking it’s a business process problem.

“The truth is that realigning IT processes around personal data can actually help with digital transformation or modernisation programs, and changes to get in line with GDPR could reduce overall budget share on both programs. This sort of alignment can deliver many efficiencies and business benefits, but if not dealt with now, organisations will not be ready for May the 25th,” finished Tozer.

The survey of 177 global IT personnel was conducted in October 2017 by Commvault. For more information about how your organisation should be formulating a cohesive strategy in advance of May 25, visit the Commvault Newsletter featuring Gartner Insights on how to prepare for GDPR.