Only 7 per cent of businesses GDPR-compliant as deadline looms, data privacy gains prominence

In the wake of the Facebook and Cambridge Analytica data misuse, public attention around the importance of data privacy has been heightened. Yet, with only a month until the General Data Protection Regulation (GDPR) deadline comes into effect, 93 per cent of respondents to a new survey from business analytics leader SAS say they are not yet fully GDPR compliant.

 

Less than half (49 per cent) of the global organisations surveyed reported that they expect to be compliant when GDPR goes into effect May 25. The EU, UK and Ireland are slightly more prepared than the U.S., with 53 per cent of EU and 54 per cent of UK and Irish organisations surveyed expecting to meet the deadline, compared to just 30 per cent stateside.

 

The GDPR gives EU residents privacy rights that give them greater control over how companies handle their personal data.  Any organisation that is storing or processing data on EU residents may have GDPR compliance obligations, even if the organisation isn’t in the EU.

 

In February, SAS conducted a global survey of 183 business people in a wide variety of industries who have a role in preparing their organisations for GDPR. The survey highlights the biggest challenges and opportunities they face on the road to GDPR compliance. Download the complete infographic here.

 

“Despite the long run-up to GDPR, the vast majority of UK organisations still don’t have processes in place to manage their data in compliance with the new rules,” said David Smith, Head of GDPR Technology, SAS UK & Ireland. “At this point, senior leadership needs to take ownership of getting the whole company on board, from IT to operations, to make sure that all personal data is accurately located and appropriately handled.”

 

Though the survey shows that most organisations are not ready for the fast-approaching GDPR deadline, they are working to become compliant (93 per cent have a plan in place or expect to have one). And the majority of respondents anticipate benefits for their organisations that will result from their efforts to become GDPR compliant.

 

“There’s a great opportunity contained within the challenge of GDPR,” Smith continued. “Organisations that gain greater control and understanding of their data will be better able to provide their customers with the services they want, in the manner that they want them. Those companies that can innovate through GDPR will gain a significant advantage over competitors who get stuck in the long grass of compliance.”

 

In fact, 84 per cent of all respondents and 79 per cent of UK and Irish respondents, said they expect GDPR to improve their data governance. Sixty-eight per cent worldwide and 81 per cent of UK and Irish respondents also anticipate that GDPR will increase trust between them and their customers. Improved personal data quality, enhanced organisational image, and a move toward a data-driven organisation were additional benefits they expect to gain from GDPR compliance.

 

Additional highlights from the survey include:

• 58 per cent of global respondents have a structured plan in process to comply with GDPR and another 35 per cent are planning to have one. This is up from SAS’ 2017 survey, which found that less than half (45 per cent) of respondents had a structured plan in place to comply with GDPR.
  • However, 15 per cent of U.S. respondents and four per cent of EU respondents said their organisation had no plans to develop a structured process to comply with GDPR.
• To get a GDPR compliance plan in place, organisations need help. Seventy-five per cent of respondents worldwide said that they have obtained or plan to obtain legal or consulting support.
• Sixty-three per cent globally and 69 per cent in the UK and Ireland said GDPR will have a significant effect on how their organisation conducts business.
• Identifying all sources of stored personal data, followed by acquiring the skills to manage GDPR compliance, were listed as the top challenges organisations face in preparing for GDPR.
• Additionally, almost half of respondents (49 per cent globally and 44 per cent in the UK and Ireland) reported that GDPR would have a significant impact on their organisation’s artificial intelligence projects.
  • Establishing informed consent, logging and presenting profiling details to auditors, and requiring human involvement in decisions are the three compliance requirements that are most concerning to participants regarding their artificial intelligence projects.
• Seventy-five per cent of respondents also expect GDPR compliance to have a significant effect on their IT operations. That number goes up for the UK and Ireland, to 84 per cent.