A large amount of businesses are unprepared for the arrival of General Data Protection Regulation next May; one in five senior executives have little or no idea about GDPR and its impact.
Despite the deadline for GDPR compliance being under a year away, the lack of knowledge around the subject will leave businesses struggling, unless businesses connect with support and involvement from executives, they will struggle to ensure GDPR compliance before May, a survey revealed.
Almost a quarter of businesses reportedly don’t have a clear understanding of what they need to do regarding movement of data across their businesses. Survey findings, from Alfresco and AIIM, revealed almost half of respondents reported GDPR content for their business isn’t kept within the business itself but third parties such as partners and suppliers, increasing the risk of hacks and not knowing exactly where data resides.
A further 16% admitted internal or HR incidents were the cause of data loss because of staff’s negligence to data as oppose to external hacking being responsible.
George Parapadakis, Director of Business Solutions Strategy at Alfresco said: “While data breaches are an increasing occurrence, they are less often due to unauthorised hackers, but more frequently due to human error, negligence, or the lack of clear policy.
“This is where strong information governance combined with training, technology, enhanced security measures, and regular auditing of an organisation’s data ecosystem come in. GDPR should be seen as a positive motivator, an opportunity to improve business efficiency by applying structured, disciplined, and secure processes to manage data.”
One of the most important priorities for businesses in the lead up to the legislation date is to develop stronger governance policies for information, revealed 74% of respondents. Other priorities in preparation for GDPR include developing and conducting regular training and communications from 57% of respondents and maintaining data quality and integrity.
The survey by Alfresco and AIIM revealed the importance of a ‘holistic approach’ to GDPR by combining governance, training, process & security with 86% of respondents acknowledging that GDPR cannot be seen as a ‘one off siloed’ project.
Once a clear strategy is put into place, businesses must begin with the basics of determining their data origin, purpose, residence, justifications and consents and implement the correct measure to manage this. If not outlined, unstructured data and application systems including email, content management and share devices are reported as business areas expected to feel the brunt of GDPR requirements according to 32% of the survey.
The movement of data across systems and organisations is an essential part of day-to-day business activity and must the security of movement must be considered as much as it’s physical location as there are multiple potential weak points where a data breach could occur.
The most practical solution would be for businesses to identify what content comes under the legislation, then apply the appropriate measures to manage this and develop a clear understanding of what businesses are required to do with the movement of data internally and externally to ensure data is protected.
Paparadakis said: “Brexit is dominating the business agenda in the UK, so GDPR has unfortunately fallen down the pecking order. Coupled with the confusion still surrounding the implementation of GDPR by local regulators, it’s no surprise that our survey shows only a quarter (23%) will be fully prepared for GDPR by next May.”
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.