Many organisations consider themselves ‘GDPR-ready,’ but this is not actually the case for all, according to research.
Over 900 organisations were surveyed globally, and from these, Veritas found that only 9% of UK businesses which claim to be ‘GDPR-ready’ are actually compliant.
Fully compliant organisations are expected to have strategies such as security and business transformation in place, all of which will be structured to meet compliance regulations.
However, a new study from Veritas Technologies found that 48 percent of organisations claim they are compliant yet they are unable to provide full visibility over personal data loss incidents. Meaning that they aren’t actually compliant.
A key requirement under the GDPR law states that organisations must be able to report the loss or theft of personal data, such as medical records, passwords and so on within 72 hours. Although, the study cited 61 percent of organisations who admitted it was difficult for them to do so.
Organisations appear to be failing to understand the importance of keeping to the requirements and in essence, following the rules. With less than a year till GDPR laws come into force, businesses are at risk of being hit by breach fines if they fail to report basic information like loss of personal data.
In 2016, the rate of UK data breach fines doubled to a huge £3.2m, with an increase of 155 percent in the number of data protection enforcement actions issued. This will only keep increasing if businesses remain ignorant towards the importance of complying with the fast-approaching regulations.
Jason Tooley, VP of Northern Europe, Veritas said: “With the EU’s General Data Protection (GDPR) less than one year away, organisation around the world are deeply concerned about the impact that information non-compliance can have on their brand and loyalty of their customers.”
Protecting personal data is crucial in any organisation and more importantly when the GDPR comes in full force. Ahead of this, organisations are advised to revisit their compliance strategies, whether they believe they are already compliant or not.
The GDPR will take effect on 25th May 2018, and is set to apply to all organisations that offer goods or services to EU residents, both in and out of the EU.