Managing Personal Data Beyond The GDPR
The General Data Protection Regulation is now a reality for all businesses that control or process data about or relating to EU citizens. That of course includes businesses and organisations that are headquartered outside the European Union. Despite Brexit, the UK is also expected to align its data protection regulations with GDPR.
So in effect, we have a regulation that despite its European origins will have a global impact and may well set the blueprint for similar legislation in other regions such as the United States and Asia Pacific.
When we spoke to 200 senior CXO-level business and technology decision-makers across Europe, we wanted to discover not just how far preparations were underway for GDPR but what impact GDPR was having on the wider business.
This study addresses the following key questions:
- How ready are European organisations for 25th May when GDPR comes into full effect?
- What obstacles are being encountered during preparations to become GDPR-compliant?
- What data management technologies are companies investing in to meet GDPR requirements?
- What extra resources are being put in place for GDPR?
- What improvements do organisations expect to follow once they are GDPR-compliant?
- What are the anticipated benefits of GDPR compliance?
Only 19% of respondents believe their organisations will be fully ready for GDPR before the introduction date on 25th May, having completed and tested their preparations. Interestingly, manufacturing is the most prepared of all vertical sectors. With only two months to go at the time of the survey, 60% were still confident that they would be ready in time, while nearly 1 in 3 said they would not be.
A Brexit surprise
The UK is pitching itself as the most GDPR ready European country with 67% of UK respondents saying they will be ready by May. Europe’s most traditionally data sensitive region, DACH, is the least ready.
47% of respondents said that organisational issues are likely to be the biggest hurdle to GDPR readiness. A perceived lack of experience was second – but this is not surprising given the newness and scope of dealing with increasing amounts of data while attempting to meet the GDPR requirements.