According to the “EU GDPR (General Data Protection Regulation) implementation review survey” conducted by IT Governance, organizations are failing to implement the GDPR six months on from the May deadline. Although respondents said they understood the GDPR and its applicability to their organization, fewer could confidently say that they had leveraged that understanding to implement changes.
The GDPR came into effect on May 25, 2018 and applies to all organizations that monitor the behavior of, or offer goods and services to, EU residents – irrespective of the organization’s location or where the data is processed.
- When asked how far along they were in achieving GDPR compliance, only 29% said they had implemented all necessary changes
- 59% of respondents were aware of the changes to DSARs (data subject access requests) but only 29% had plans to adapt their processes to address this. Responding to DSARs correctly is extremely important; if they are managed incorrectly, data subjects can lodge complaints and fines can be issued
- 75% of respondents had conducted a data flow audit in some capacity. As part of a GDPR compliance project, organizations need to map their data and information flows in order to assess their privacy risks. This will form part of their Article 30 documentation
- 61% of respondents had implemented basic security controls to address data security and breach management. Although just 29% of respondents considered themselves compliant with the GDPR, more than 50% had procedures in place to notify their supervisory authority and individuals should a breach occur
“It is discouraging to see so many organizations understanding the GDPR and its applicability to their businesses but failing to comply. May 25 should have been the wakeup call, but it’s not too late to begin your compliance journey. The time is now,” commented Alan Calder, founder and executive chairman of IT Governance.
The survey was sent to IT Governance’s data protection and GDPR customers, and received 210 responses from organizations in a range of business sectors, including defense and aerospace, health care and health science, financial services, and professional services. Organizations ranged in size from fewer than 10 employees to more than 1,001.