A recent study conducted by Deloitte reveals that just 15% of organisations will be ready to meet the standards of the EU’s General Data Protection Regulations, when they come into being on May 25th.
The survey also finds that organisations are taking different pathways towards compliance, as they try to mitigate the threat of heavy fines and the reputational damage associated with a potentially high profile data breach.
The remaining 85% of organisations are adopting a risk-based compliance strategy, evidencing their efforts with increased documentation. Ambiguity of the new standards is also causing trouble for organisations, Deloitte finds.
The GDPR will require consent of data usage to be informed, unambiguous and recorded. It’s proving to be one of the greatest obstacles for organisations, especially those that hold large amounts of customer and prospect marketing data. In the new legislative climate, all data – new and old – will have to comply to the new consent standards.
Putting an end to ‘data hoarding’, compliance will create more work for larger corporations with extensive and ageing databases. But it will be worth it.
Businesses are advised to conduct a wholescale data audit, if this has not already begun, to ensure GDPR-compliant consent exists for all data. This may uncover users that appear in the database through third-party data sources, or through non-compliant means, and these candidates may not wish to be involved in future marketing initiatives.
Weeding out non-compliant data or failure to re-secure consent will ultimately enable firms to lighten their storage load. Fresh consent will galvanise the validity and focus of the database going forward.
In order of difficulty, the next most challenging issues were:
- The right to erasure
- The development and maintenance of a personal data register
- The right to data portability
- The accountability principle
A further key element of the GDPR obliges organisations to report a data breach within 72 hours of it coming to managerial attentions. Worryingly, just 35% of organisations say that their data breach reporting procedure complies with GDPR standards.
Continue your journey to compliance
It’s easy to focus on getting specific areas of your organisation ready for the new legislative climate, but GDPR is not a tick-box exercise.
Effective compliance depends on nurturing a new security conscience on every level of the organisation, across departments, teams and individual employees. This will rely on educating your staff of the priority that is data privacy in the modern business world.
GDPR: Conference Europe is at the cutting edge of the GDPR debate, providing business leaders in the UK with expert guidance on the EU’s new data security standards.
Coming to 200 Aldersgate, London on March 8th, GDPR Conference Europe presents a Roadmap for Sales and Marketing through ten keynote presentations, panel discussions and live Q&A sessions with the biggest industry names.
Attendees will benefit from day packed full of unique insight, actionable steps to compliance and a far better understanding of the direction your journey to compliance needs to take.
To see the agenda, or to buy a ticket, click here.
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/