With less than a month to go before organizations are required to comply with the General Data Protection Rule (GDPR) that the European Union has pledged to enforce starting May 25, it appears organizations are finally reaching out to external experts for help.
A survey of 183 business executives conducted by SAS Institute, a provider of data analytics software, finds that 76 percent of respondents said they have obtained or plan to obtain consulting or legal support.
A full 93 percent of the survey respondents admit they are not yet fully GDPR compliant. Less than half (46 percent) of the global organizations surveyed reported that they expect to be compliant when GDPR goes into effect. Among surveyed U.S.-based organizations, just 30 percent expect to meet the deadline. In comparison, 53 percent of the EU organizations expect to meet the deadline. Fines for missing that deadline could be as high as 4 percent of an organization’s global revenues should it be determined an organization willfully did not delete all personal information about an individual when requested.
Last-minute preparations
Business executives appear to have a more sanguine attitude toward the realities of achieving GDPR compliance than IT executives, many of whom seem to think a last-minute push for compliance could save the day. Business executives, conversely, appear more likely to value the services of a managed service provider (MSP) with proven GDPR expertise.
Well over half (58 percent) of global respondents claim to have a structured plan in process to comply with GDPR, and another 35 percent plan on having one soon. Only 15 percent of U.S. respondents and 4 percent of EU respondents said their organization had no plans to develop a structured process to comply. Identifying all sources of stored personal data, followed by acquiring the skills to manage GDPR compliance, were listed as the top GDPR challenges organizations face.
Organizations now appear to be comprehending that GDPR compliance is not a one-time event. Nearly two-thirds (63 percent) of respondents said GDPR will have a significant effect on how their organization conducts business. Three-quarters (75 percent) said GDPR compliance will have a significant effect on their IT operations.
On the plus side 84 percent of all respondents and 91 percent of European Union respondents said they expect GDPR to improve their data governance. A total of 68 percent said they also anticipate that GDPR will increase trust between them and their customers.
Misplaced bets
Without throwing massive amounts of resources at achieving compliance, most organizations that are not compliant today are probably not going to achieve compliance by May 25. They are betting that the number of people who will ask them to delete their personal data will be something their organization can handle manually. The trouble is that there are so many copies of data residing in an organization that it’s inevitable those bets will be misplaced. Business executives also expect that if there is ever an issue involving a GDPR audit, most organizations will be let off with a warning rather than a substantial fine.
Whatever the outcome, it’s clear GDPR compliance will have a major impact on demand for data governance and management expertise well beyond May 25.
Photo: gotphoto/Shutterstock.com