Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, has announced the results of its UK GDPR Preparedness Survey which found that 77% of respondents say they are on course to be GDPR compliant by May 2018.
The results of the survey were largely positive, with 61% of IT and Data Protection professionals stating they are on course for GDPR compliance (26% have a plan and started preparations, 6% already compliant, 23% ready for May 2018). A further 16% added that they have a plan but have not started to implement it yet.
The survey also found that data security may be the hidden gem behind the GDPR, with a combined 84% stating that they expect their business data will become more secure due to an audit to identify personal data (52%) or as a result of data storage and handling improvements (32%).
However, the results demonstrated that substantial roadblocks will need to be overcome in a short space of time for a large number of businesses. 15% reported that they don’t have the funds to get their GDPR plans off the ground, while 20% say they don’t have time to focus on it. A further 18% admitted that they don’t know where their data is.
Startlingly, 6% are waiting for Brexit in the hope it will mean that GDPR won’t apply to them. Under the terms of the GDPR, UK businesses will still have to comply if the data they handle concerns EU citizens, or has the potential to identify individuals within the EU.
The results also suggest there is some confusion over who will take responsibility for GDPR compliance within a business, as only 29% of respondents had a dedicated Data Protection Officer (DPO).
Most respondents believed that IT holds the data protection role (42%). This is despite the terms of the GDPR, which state that all organisations with more than 250 employees must employ a DPO. This person will be responsible for ensuring that a business collects and secures personal data responsibly.
Exonar’s CEO Adrian Barrett commented: “Although the overall results were positive, significant challenges still remain in the form of time, money and understanding over the reach and implications of the new regulation. It’s clear some companies are shackled and their plans aren’t progressing or even formulated. This situation is often worsened by a lack of project leadership and failure to identify responsibility.
“Businesses must ensure they fully understand the new regulations and, crucially, understand how, where and why their data is currently being processed. For most, a period of data discovery needs to be undertaken before they can put a plan into action and it needs to be done quickly as time is running out. To that end, new technology such as Big Data and Machine Learning will prove invaluable in speeding up the first steps to secure data handling.”