The figures were in a survey of 500 IT decision-makers in companies with more than 100 employees and £15 million turnover, examining how businesses are preparing for the new regulation.
Only 31% of respondents said they had governance sponsorship for GDPR at board level, while just 9% said their compliance departments were giving them full support. This lack of interest at the top level comes despite more than six out of ten (62%) respondents agreeing that the new regulation would affect the profitability of their business, including 19% who said the impact would be negative.
“It is worrying to see signs that GDPR governance does not have the full attention of so many C-level executives,” said Julian Box, CEO, at Calligo. “Too many of those at the top think it is all about security, when that is only a part of it.
“The deadline for compliance is May 25 next year and any company that subsequently fails to handle data in the correct manner risks the severe penalties stipulated in the regulation. The top people in every organisation need to get to grips with this challenge, ensuring that their data is being stored and handled in full compliance.”
The survey found that only 43% of companies have appointed and resourced a Data Protection Officer, despite this being a requirement of the GDPR for medium-sized and larger businesses. In IT and telecoms, the figure is just 37%, while in manufacturing and utilities it is just 36%.
On average, organisations said they will employ 10 people on the task of achieving GDPR compliance, with healthcare sector proving the most committed, devoting an average 26 employees. This compares with averages of nine in IT and telecoms and four in arts and culture.
Calligo is an expert in the General Data Protection Regulation, which comes into force next year and which will standardize the protection of personal data of EU citizens.
For a full report on the Calligo research findings go to www.calligo.cloud/gdpr/ebook
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.