The EU General Data Protection Regulation (GDPR) is designed to protect the rights of natural persons, and holds any controller or processor that handles personal information accountable. The GDPR makes sure that organizations that maintain personal data take responsibility for how they use, store, protect, transfer, and delete personal data.
Just because an organization is located outside an EU country does not mean it is exempt from fulfilling its GDPR obligations. Any company that processes the personal information of an EU resident is responsible for safeguarding that information, including third-party call centers, cloud services and payroll services. Organizations that monitor the behavior of EU residents are included as well.
Since the GDPR is a revision of information security regulations from the 1995 EU Data Protection Directive, there are major changes that organizations worldwide need to factor into their strategy, policy, and operations. Fines, compensation claims for damages and reputational harm are just a few of the costs of non-compliance.
Analytics leader SAS conducted a global GDPR survey of executives from multiple industries to assess their attitudes, objectives, and challenges in addressing the GDPR. It’s good to know that most respondents (67%) understand that the GDPR will have a big impact on their organizations.
Although 56% of organizations are already taking steps toward GDPR compliance, less than half of respondents, just 42%, are aware of its impact on their businesses or the obligations they must satisfy. Only 26% of the government agencies included are fully aware of the impact.
*From ‘Working toward GDPR compliance’ by SAS.
The respondents were at various stages along the way to GDPR compliance. While 45% have a structured process planned, 20% of those have not yet taken any steps toward achieving compliance, and 66% of the organizations with a planned structure are not sure whether it will lead to successful compliance. Larger organizations are more likely to have a structured process in place: 60%, versus 45% of all organizations surveyed.
Wide-ranging challenges to prepare for the GDPR
Setting controls to secure personal data and dealing with individuals’ rights are just two parts of the GDPR challenge. The majority of EU and non-EU organizations, 59%, believe that knowing which actions are sufficient is the biggest obstacle; 58% cite managing data portability and the right to be forgotten; and controlling access to personal data ranks third, cited by 50% of respondents.
Nearly half of the respondents said they had trouble finding personal data stored within their own databases.
Don’t know where to start with GDPR compliance?
If you need help learning about complying with the GDPR, we have put together this handy infographic that provides a high-level explanation.
If you are ready to start your GDPR project, training is a good place to begin. IT Governance now offers the Certified EU General Data Protection Regulation Foundation (GDPR) Training Course in a classroom format.
Gain a comprehensive introduction to the GDPR and a practical understanding of the implications and legal requirements for US organizations in this one-day introductory training course. The course takes place on November 28, 2017 from 9:00 am – 5:00 pm, at the Marriott in Boston, MA.
Space is limited, so register today.