Organisations are still struggling with GDPR compliance
Research suggests that a lack of visibility of crucial personal data is leaving many businesses failing to meet the GDPR regulation
Research from Crown Records Management has found that over 75% of organisations could be struggling with EU General Data Protection Regulation (GDPR) compliance, introduced by the Data Protection Act 2018, a full year on from the introduction of the new regulation.
The survey was conducted by Sapio Research in March 2019. They interviewed 103 senior managers, IT and data professionals in companies with over 250 employees.
Kevin Widdop, Information Security Consultant at Crown Records Management commented: “It’s concerning to witness that a year on from the introduction of GDPR businesses are still struggling to implement effective records management processes, leaving them open to potential fines. Companies have clearly implemented GDPR policies but have failed to put the building blocks in place to live by them.
Organisations seem to be finding data retrieval, redaction and storage the most challenging areas. By reviewing internal processes and making the necessary changes businesses can reduce the risk of non-compliance. Systems that help to digitise and index all relevant data are essential as they make it easier to search for and retrieve information quickly.”
The research reveals that organisations also seem to be struggling to meet deadlines for GDPR compliance.
Major observations and conclusions from the research were as follows:
Kellie Peters, Director at Databasix concluded: “Over the last 12 months organisations have gained awareness of what GDPR is but not necessarily what’s involved with implementing a successful GDPR procedure. It’s important to understand where your data is because if you receive a Subject Access Request, you only have 30 days to provide the information. Therefore, it’s crucial you have full visibility of what data you’re holding and where.”
An annual survey has illustrated the changing attitudes of organisations towards cybersecurity. According to the Cyber Security Breaches survey, GDPR has accelerated the pace of change across organisations. However, GDPR has had some unintended consequences. It has led some organisations to frame cybersecurity largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks. They typically had a narrower set of technical controls in place.
The survey's statistics show a reduction in the percentage of businesses suffering a cyber breach or attack in the last year: 32% of businesses identified a cybersecurity attack in the last 12 months, down from 43% in the previous year.
The reduction is partly due to the introduction of tough new data laws under the Data Protection Act and the GDPR. 30% of businesses and 36% of charities have made changes to their cybersecurity policies and processes as a result of GDPR coming into force in May 2018.
Over the past year, there has been a significant increase in understanding about personal data, predominantly because of the implementation of GDPR. However, there still remains a perceived barrier in relation to how personal data can be used within today’s digital society.