Only 45% of organizations have a structured plan for GDPR compliance

The General Data Protection Regulation (GDPR) will go into effect in 2018, making organizations accountable for personal data protection, including how and where data is stored and how it is processed within the organization. However, according to SAS, only 45 percent of organizations surveyed have a structured plan in place for compliance, and 58 percent indicate that their organizations are not fully aware of the consequences of noncompliance.

“There are a lot of organizations that simply don’t know where to start on their journey to becoming GDPR compliant,” said Arturo Salazar, Principal Business Solutions Manager, SAS. “We recommend starting with a solid data governance strategy to ensure that the technologies and policies are in place to fully understand where your data is stored and who has access to it.”

Key points

Highlights from the survey include:

  • Most respondents feel that GDPR will have a large impact on their organization. However, many respondents (42 percent) indicate that their organizations are not fully aware of this impact.
  • Only 45 percent of organizations have a structured process in place to comply with GDPR, but of those only 66 percent think that this process will lead to successful compliance. In fact, many admit that they do not know how to determine if they are GDPR compliant.
  • Unsurprisingly, large organizations (5,000 employees+) are better equipped to handle GDPR with 54 percent being fully aware of the impact, compared to just 37 percent of small organizations.
  • Only 24 percent of organizations make use of external consulting to become GDPR compliant, but those with a structured process in place use external consulting more often (34 percent).
  • Just 26 percent of government organizations are aware of the impact of GDPR, the lowest of any industry segment.

Data portability and the right to be forgotten

Under the GDPR, individuals have the right to request that their personal data be erased or ported to another organization. This brings up questions about the tools and processes organizations need to have in place. For 48 percent of the respondents, it’s a challenge just to find personal data within their own databases (copied data sets, CRM data, etc.). In these cases, complying with GDPR regulations will be an even more serious task.

Of the surveyed organizations, 58 percent have problems managing data portability and the so-called right to be forgotten. Controlling access to personal data is also a serious challenge. Large organizations and financial institutions have more difficulty finding stored personal data than other organizations.

Benefits of GDPR

When asked about potential benefits of the GDPR, 71 percent believe that their data governance will improve as a result. The survey also showed that 37 percent of organizations think that their general IT capabilities will improve as they seek to comply and 30 percent agree that complying with the GDPR will improve their image.

Further, organizations believe that customers will reap the rewards of compliance efforts. The survey shows that 29 percent of organizations think customer satisfaction will be higher as they work toward GDPR compliance. Another 29 percent say their organizations’ external value propositions will improve.