ISACA survey reveals alarmingly low levels of GDPR readiness
There are a lot of acronyms in IT certification, and certification programs come up with new ones every year. One acronym that is sure to be of interest to a great many IT companies that offer certification and training, however, is not a combination of letters that represents a new credential, or an association or organization involved in IT certification.
Rather, the GDPR, or General Data Protection Regulation, is a new legal standard that regulates personal data protection among the more than two dozen member nations of the European Union. Adopted two years ago on April 14, 2016, the GDPR establishes privacy rules for businesses that process or store personal data. The deadline for full compliance falls at the end of next week.
IT certification programs, like most other businesses, frequently deal with overseas clients, and many organizations have been preparing for the May 25 deadline, after which EU officials can seek legal action against GDPR dodgers. Not nearly as many are ready as you might suppose, however, according to a new survey carried out by IT security and governance association ISACA.
The new survey, which reflects the perspective of more than 6,000 business and technology professionals who are ISACA members, found that just 29 percent of companies are in full compliance with GDPR rules. About half of businesses expect to be compliant by the end of 2018, but 31 percent are not only unprepared for next week’s deadline but “do not know when they will be fully compliant.”
There is disturbing evidence, in fact, that many organizations are largely in the dark about GDPR. More than a third of survey respondents (39 percent) reported that their organization's understanding of its responsibility to become GDPR compliant, and of the ramifications of noncompliance, is less than satisfactory.
For companies that are behind the curve and struggling to catch up, the biggest challenge is apparently finding out which of the data they process or store is affected — “data discovery and mapping” was cited as a challenge to compliance by 59 percent of survey respondents.
Other roadblocks to compliance include prioritization (cited as a sticking point by 47 percent of respondents), lack of information (45 percent), collaboration across departments (42 percent), and preparation for data access requests (37 percent). While some respondents estimate compliance costs in excess of $1 million, cost was deemed a hindrance by only 32 percent of businesses.
The ISACA survey did find a degree of optimism about GDPR. Many organizations believe that GDPR compliance will trigger important benefits, including greater data security, improved business reputation, and stronger integration of data security best practices into corporate culture.
A full summary of survey findings is available online.