The General Data Protection Regulation (GDPR) will go into effect in 2018, making organisations accountable for personal data protection including how and where data is stored and how it is processed within the organisation. However, according to a new survey from business analytics leader, SAS, less than half (45 per cent) of organisations surveyed have a structured plan in place for compliance and more than half (58 per cent) indicate that their organisations are not fully aware of the consequences of non-compliance.
“With the masses of information on GDPR currently in the public sphere, companies generally know what it is they have to do to prepare for the upcoming regulations,”said Mike Wake, Head of Data Management, SAS UK & Ireland. “They need to properly assess all their risks, mitigate the risks they uncover and be able to demonstrate what action they have taken to achieve this. The challenge is they often don’t know where to start because of the scale and complexity of the task. Companies cannot get the assurance needed that what they are doing is definitely the right course of action, because while the regulations set out what needs to be done they do not prescribe how you go about it. Compliance will be painful for many and individual teams don’t want to be the ones causing unnecessary delay and disruption.”
Highlights from the survey include:
- Most respondents feel that GDPR will have a large impact on their organisation. However, many respondents (41 per cent) indicate that their organisations are not fully aware of this impact.
- Only 45 per cent of organisations have a structured process in place to comply with GDPR, but of those only 66 per cent think that this process will lead to successful compliance. In fact, many admit that they do not know how to determine if they are GDPR compliant.
- Unsurprisingly, large organisations (5,000 employees+) are better equipped to handle GDPR with 54 per cent being fully aware of the impact, compared to just 37 per cent of small organisations.
- Only 24 percent of organisations make use of external consulting to become GDPR compliant, but those with a structured process in place use external consulting more often (34 per cent).
- Just 26 per cent of government organisations are aware of the impact of GDPR, the lowest of any industry segment.
Data portability and the right to be forgotten
Under the GDPR, individuals have the right to request that their personal data be erased or ported to another organisation. This brings up questions about the tools and processes organisations need to have in place. For 48 per cent of the respondents, it’s a challenge just to find personal data within their own databases (copied data sets, CRM data, etc.). In these cases, complying with GDPR regulations will be an even more serious task.
Of the surveyed organisations, 58 per cent have problems managing data portability and the so-called right to be forgotten. Controlling access to personal data is also a serious challenge. Large organisations and financial institutions have more difficulty finding stored personal data than other organisations.
Benefits of GDPR
When asked about potential benefits of the GDPR, 71 per cent believe that their data governance will improve as a result. The survey also showed that 37 per cent of organisations think that their general IT capabilities will improve as they seek to comply, and 30 per cent agree that complying with the GDPR will improve their image. Furthermore, organisations believe that customers will reap the rewards of compliance efforts. The survey shows that 29 per cent of organisations think customer satisfaction will be higher as they work toward GDPR compliance. Another 29 per cent say their organisations’ external value propositions will improve.
For additional survey findings and implications of the GDPR, download the eBook onWorking toward GDPR compliance.
Survey Methodology
In spring 2017, SAS conducted a global GDPR survey among 340 business executives from multiple industries and geographies. Based on the results of that survey, this report highlights the biggest challenges and opportunities organisations face on the road to GDPR compliance.
