Organisations across the globe mistakenly believe they are in compliance with the upcoming General Data Protection Regulation (GDPR), according to a new study from Veritas Technologies.
The Veritas 2017 GDPR Report claims almost one-third (31 percent) of respondents said that their enterprise already conforms to the legislation's key requirements. However, when those same respondents were asked about specific GDPR provisions, most provided answers that show they are unlikely to be in compliance.
On closer inspection, only two percent actually appear to be in compliance, revealing a distinct misunderstanding of regulatory readiness.
“With the EU's General Data Protection Regulations (GDPR) less than one year away, organisations around the world are deeply concerned about the impact that information non-compliance can have on their brand and loyalty of their customers,” said Jason Tooley, vice president, Northern Europe at Veritas in a company statement.
The findings from the report show that almost half (48 percent) of organisations that stated they are compliant do not have full visibility over personal data loss incidents. Moreover, 61 percent of the same group admitted that it is difficult for their organisation to identify and report a personal data breach within 72 hours of awareness – a mandatory GDPR requirement where there is a risk to data subjects.
Any organisation that is unable to report the loss or theft of personal data – such as medical records, email addresses and passwords – to the supervisory body within this timeframe is in breach of this key requirement.
The findings in this report suggest that organisations that think they are already compliant with the GDPR should revisit their compliance strategies. Failure to meet GDPR requirements could attract a fine of up to four percent of global annual turnover or €20 million, whichever is greater.
Tooley added: “The results today show that more education is needed on the tools, processes and policies to support information governance strategies that are required to comply with the GDPR requirements. Creating an automated, classification-based, policy-driven approach to GDPR is key to success and will enable organisations to accelerate their ability to meet the regulatory demands within the short time frames available.”