Uncertainty remains on GDPR compliance
15 September 2017 | 0
A survey of more than 1,600 organisations internationally has found that more than a third (37%) do not know whether their organisation needs to comply with the general data protection regulation (GDPR), while more than a quarter (28%) believe they do not need to comply at all.
‘Organisations that achieve compliance can use it as a differentiator in the market,’ Data Protection Commissioner
The survey by Vanson Bourne, on behalf of WatchGuard Technologies, found that among those that do not believe the law applies to their organisation, one in seven collect personal data from EU citizens, while the 28% of respondents unsure about compliance also said that they collect this type of information. The results show that many companies are misinterpreting which types of data constitute a mandate for compliance.
Of those respondents who reported that their organisation needs to comply with GDPR (35%), the majority (86%) believe they have a solid compliance strategy in place. But, more than half (51%) of respondents believe their organisation will need to make significant changes to their IT infrastructure in order to comply. Although the findings show that firewalls, VPN and encryption are the security measures most likely to be involved in compliance strategies, only 18% of respondents said that sandboxes would play a role in their GDPR plan.
A TechBeat survey from July of this year, found that the majority of Irish organisations (84%) had taken steps towards GDPR compliance, with just 14% saying they had not. However, more than a third of respondents (36%) said they had not allocated any budget for the efforts as yet.
With less than 250 days left to the compliance deadline of 25 May, 2018, organisations are running out of time to implement compliance efforts. For smaller organisations in particular, there are fears that external resources to aid their compliance journey may increasingly become in short supply.
Helen Dixon, the data protection commissioner, has said that those organisations that achieve compliance can use it as a differentiator in the market.
She said that GDPR recognises the potential for innovation and technology, but it simply demands that it is done in a responsible way, where there is accountability and transparency where the implications for each of us in controlling our identities and access to our personal data.
However, the commissioner and her deputy, John O’Dwyer, speaking to TechPro, said that the deadline marks the end of the lead in, not the beginning.
“There won’t be a lead in time after May 18,” said O’Dwyer, “there won’t be any grace period. Organisations need to get their in house in order. There is no easy ride after May 18.”
To address the issue of ongoing compliance, and how that can deliver competitive advantage, TechFire, in association with Fujitsu, Veritas and Symantec, has assembled a panel of speakers for the third in its series on GDPR, to explore how compliance can be implemented without being a burden, and how it can be used to derive better insights from data. The event takes place on 20 September from 07:30 in Croke Park, Dublin.
With a legal perspective from Aoife Sexton of Frontier Privacy and a front line view from Tom Hulton, compliance officer with An Post, as well as expert speakers from Fujitsu, Veritas and Symantec, this event will ensure that organisations know how to make the best of their compliance efforts, making GDPR work them
For more information and to register to attend this free event, go to TechFire.ie