New research report finds less than 10% of North American organizations are ready for GDPR.
According to the erwin, Inc research report, only 6% of enterprises state they are prepared for the upcoming regulation. Alarm bells are certainly ringing after seeing that the overwhelming majority are not ready for one of the most important data privacy and security laws in recent years.
You would have had to have been living under a digital rock to not realize that the European General Data Protection Regulation will be enforced on the 25th May. This gives organizations less than four months to have the necessary data protection and security measures in place to ensure they are compliant to meet the regulation’s strict governance laws.
UBM, who commissioned the research, surveyed North American business technology professionals which included CIOs, CTOs, IT staff and consultants. Some may query the strength of the research findings because of the North American pool of respondents who were being asked about a European regulation. However, GDPR is a truly global legislation as it applies to any organization or enterprise that collects the personal information from any EU citizen, regardless of the company’s location.
Still, many appear to not fully understand its importance as nearly half (46%) of organizations do not have a formal governance strategy in place, with a further 63% stating they don’t have the budget for data governance or are simply unaware if they have one.
Despite the results indicating that many organizations are not prepared for GDPR, 98% of the respondents do view data governance as crucial from a business perspective and this realization could be the trigger to get organizations compliant in time.
Moving forward, this will require better communication between the IT departments and legal teams. For those that are worried about this prospect, Article 37 of the GDPR may require organizations to hire a Data Protection Officer (DPO) to make sure the company’s data policies are aligned with the GDPR. This includes educating employees and carrying out privacy assessments on data security risks. Nevertheless, the findings certainly prove that data governance is a work in progress that many are still coming to terms with.