It has been reported that a large amount of businesses are unprepared for the arrival of General Data Protection Regulation next May; one in five senior executives have little or no idea about GDPR and its impact. Despite the deadline for GDPR compliance being under a year away, the lack of knowledge around the subject will leave businesses struggling.
Survey findings, from Alfresco and AIIM, revealed almost half of respondents reported GDPR content for their business isn’t kept within the business itself but third parties such as partners and suppliers, increasing the risk of hacks and not knowing exactly where data resides. Almost a quarter of businesses reportedly don’t have a clear understanding of what they need to do regarding movement of data across their businesses. Steve Durbin, Managing Director at the Information Security Forum (ISF) commented below.
Steve Durbin, Managing Director at the Information Security Forum (ISF):
“The GDPR is the greatest shake up in privacy legislation that we have seen. It redefines the scope of EU data protection legislation and forces organisations, wherever in the world they are based, to comply with its requirements. Taking into account the overall cost of compliance, along with potential sanctions for non compliance which include fines of up to 4% of annual turnover, the GDPR will undoubtedly affect an organisation’s overall corporate risk profile, and it is essential that boards and operational management understand this impact sooner rather than later.
For most organisations, the next nine months will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to implement in order to manage their compliance and risk obligations. For most businesses this will require involving not just risk professionals but line of business leaders along with legal and the full management team and board. This is an enterprise wide undertaking to ensure first stage compliance and continued alignment with the GDPR requirements. Whilst there are detailed materials available to assist in this process from organisations such as the ISF with its Preparing for the General Data Protection Regulation, many organisations still have a long way to go to prepare, implement, evaluate and enhance their data protection activities in line with the GDPR’s legal requirements.”