Despite the General Data Protection Regulation (GDPR) coming into effect 12 months from now, the majority of European and US businesses are still inadequately prepared and at risk of incurring costly non-compliance fines.
New research from Compuware reveals that US organisations are better prepared for the EU GDPR than their European counterparts. The survey collected responses from 400 CIOs at large corporations in the UK, US, France, Germany, Italy and Spain.
Sixty percent of US respondents with European customer data said they have a detailed and far-reaching plan in place for when GDPR comes into effect. In the UK, just 19 percent of organisations have comprehensive plans in place.
Only 38 percent of all respondents have a comprehensive plan in place for how they will comply with GDPR, which leaves most at risk for non-compliance fines.
Two-thirds of European organisations say that they are prepared for the GDPR and the impact it will have on how they handle customer data.
Of the 94 percent of US organisations that handle European customer data, 88 percent claim to be well briefed on the GDPR and its impact on the way they handle that data.
IT complexity makes it difficult to know where customer data resides at any one time according to 75 percent of organisations, whilst 31 percent can't guarantee they would be able to find all of a customer's data if required. This indicates businesses will find it difficult to comply with the GDPR's “Right to be Forgotten”.
To achieve GDPR compliance, 56 percent of all respondents said that data complexity and ensuring data quality are the two biggest hurdles they will need to overcome.
“Businesses are clearly heading in the right direction on GDPR compliance, but there is still a long way to go in a very short timeframe,” Dr Elizabeth Maxwell, PDP, technical director, EMEA, Compuware, said in a release.“UK businesses may be behind due to initial uncertainty over the impact of Brexit. But any organisation doing business in Europe will need to fall into line by the May 2018 deadline. Failure to comply could lead to devastating consequences should a data breach occur, something all too common given the growth of cyber-crime and insider threats.”
