With just weeks ahead of us, US companies are still unprepared for the EU’s General Data Protection Regulation (GDPR), according to Melissa – a global contact data quality and identity verification solutions provider.
A survey conducted by NAPCO Research and Melissa requested feedback from companies that each had an annual revenue greater than $10 million. The businesses were asked about their preparedness of the GDPR, as compliance goes into effect on May 25.
According to the survey, a large majority of US companies are not knowledgeable of the challenges they face to fulfill GDPR requirements. The “right to be forgotten,” required by Article 17 of the regulation, is one such example.
In addition, organizations may have a false sense of security when it comes to the systems that process private data, including customer relationship management (CRM), customer information file (CIF) and master data management (MDM).
Budget allocation is a grey area for more than 70% of respondents, which either had no idea what their GDPR budget was or had no specific GDPR budget established. Another 13% are allocating less than $1 million to these efforts. Overall, only 14% are allocating more than $1 million to GDPR compliance.
These tips can make a difference in achieving GDPR compliance
To address these GDPR risks, the report recommends:
- Empowering an individual to oversee GDPR compliance, i.e. a Data Protection Officer
- Conducting a GDPR Right to Erasure Risk Audit right to erasure
- Auditing SCV platforms to ensure quick, thorough EU record retrieval
Other advice includes taking advantage of technological innovations, such as smart data tools. The survey also reminds you that you always change your commitment to solutions you utilize for your enterprise. GDPR has some pretty strict requirements, which turn conventional data security processes on its side. According to Ray Melissa, president and CEO of the company, “The scope of the danger may catch more than a few enterprises by surprise.”
Organizations should be extra cautious about undocumented false-negative data, such as duplicate marketing messages. A full 40% of respondents reported that they do not make it a habit to keep track of these errors. Companies should also keep in mind that they are accountable for data they can’t find. The GDPR mandates organizations be able to find all of a customer’s data regardless of quality or variations. This includes name, address, email, phone number and other traditional record types.
Learn how to take accountability for the personal data of EU residents that you maintain
IT Governance, a world leader in IT security training, consulting, tools and information, is offering the Certified EU General Data Protection Regulation Practitioner (GDPR) Online Training Course. Gain a practical understanding of the methods and applications that are used to implement and manage an effective compliance framework, and how to fulfil the role of data protection officer (DPO).
The four-day, practical course delivers real-life scenarios and information on cybersecurity applications including:
- A real-life case study to demonstrate best practices and methodologies
- A DPIA tool to help assess and address privacy risks
- A GDPR compliance gap assessment tool to help prepare a compliance plan