The survey, conducted by bluesource, also highlights that although 50% are taking steps to prepare for GDPR compliance, 30% still believe that the regulations won’t affect them, and 20% are not sure what to do next.
Over 80% of respondents stated that, with the deadline for GDPR compliance only 11 months away, they are facing major challenges, including seeking increased security and governance around cloud environments such as Office 365 and shadow IT. 80% of those surveyed felt that big tech vendors have a responsibility to ensure that their own systems, as well as those of their customers, will meet GDPR regulations, but are unsure how this will be achieved.
The increased financial impact of fines and the expected frequency of their enforcement are a major concern for most of those surveyed. An overwhelming 90% indicated that a non-compliance fine would result in huge reputational damage for their organisation and a loss of trust from customers, suppliers and staff.
On a more positive note, 45% of those surveyed have already nominated a member of a specific departmental function, including legal, compliance and IT security, to be solely dedicated to privacy and GDPR initiatives. However, 20% have not yet considered nominating a person, and 35% believe that finding a suitably qualified and experienced individual will be a challenge.
Sean Hanford, information governance consultant at bluesource, says: “Our research across UK organisations indicates that there still remains a gap between GDPR awareness and action. There must be a swift attitude change towards data protection and staff clearly require better skills, so they become more data savvy. We have partnered with The British Standards Institute to help organisations shift away from seeing GDPR as a box-ticking exercise, and instead create a framework that can be used to build a culture of privacy and a responsible attitude towards data.”
bluesource and the British Standards Institute have developed a joint range of GDPR compliance and governance initiatives to help organisations manage and maintain adherence to EU data protection standards. These offerings will enable organisations using Microsoft and Veritas systems to take best-practice action in a secure and compliant way, by understanding the data risks that they create for others and how these can be mitigated. Options include a compliance assessment that identifies an organisation’s GDPR state of readiness, and solutions that help optimise the control, visibility and responsibility of data.