Most businesses are not ready to comply with the EU’s new data privacy requirements, risking prohibitive fines if they fail to meet the May deadline.

Known as the General Data Protection Regulation or GDPR, the EU describes the new requirements as “the most important change in data privacy regulation in 20 years.” Intended to replace the current European Data Protection Directive and standardize the laws governing data privacy across the EU’s member countries, it is meant to reshape the way organizations across the region deal with data privacy.

A recent survey of 132 compliance officers finds, however, that only a handful of companies are prepared to meet the new regulation’s requirements. Conducted by the Compliance, Governance and Oversight Council (CGOC), a group of more than 3,600 legal and information management professionals, the global study reveals that most organizations have doubts about their data disposal practices and ability to demonstrate compliance with GDPR rules. This held true across the board, regardless of region, industry or size of the organization.

Per the survey’s chief findings:

  • Only 6% of respondents feel their organizations are compliant with GDPR requirements, and most are concerned about their organization’s poor data disposal practices and inability to demonstrate compliance.
  • 34% say their managements allow operational and cost concerns to override their compliance efforts.
  • 50% identified internal staff and practices as their organization’s biggest security threat, as opposed to the 38% who view external threats as the primary danger. Poorly classified content ranked third among the respondents’ security concerns.
  • 85% agree that fine-tuning a data disposal program would improve their data protection safeguards, but 40% say their companies have yet to begin such an effort.

GDPR readiness compels companies to know the type, value and location of the information that they store and to delete, change or provide information as required by the regulations. Regular and automatic disposal of information that no longer has legal, regulatory or business value can significantly reduce the burden on information asset managers and help them remain GDPR-compliant.

“A comprehensive and unified governance program is one of the main pillars of GDPR readiness, because it ensures the involvement of all information stakeholders, provides a single, centralized view of all information across the enterprise and automates critical processes, such as defensible disposal,” says Heidi Maher, CGOC’s Executive Director.

The GDPR goes into effect on May 25, 2018. Businesses found in breach of the new requirements can be fined up to 4% of their annual revenue or 20 million euros (approximately $23 million), whichever is the greater.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access