Following yesterday’s news from CenturyLink EMEA that only 25% of law firms surveyed are prepared for the General Data Protection Regulation (GDPR), it is perhaps no surprise that, looking beyond law firms, the figure is even lower among the large and multinational organisations surveyed by the leading specialist law firm, Technology Law Alliance.
The survey by Technology Law Alliance shows that only 18% of UK and multi-national organisations are ‘highly confident’ that they will meet next May’s deadline for compliance with the new GDPR. Jagvinder Kang, Co-founder and Director of Technology Law Alliance, comments: “On the face of it, this seems to be a shocking figure, but it can be understood if you consider the challenges which organisations are facing.”
The survey results showed that the biggest challenges organisations face are dealing with the large number of systems on which data is stored and processed, and the lack of internal resource and know-how about GDPR. Kang explains: “Large organisations have complex systems and interactions with large numbers of databases. Although some organisations may have thought that Cloud Computing would simplify IT conceptually, it can give rise to problems from a data protection perspective.”
With the ‘high confidence’ figure for GDPR compliance by 25th May 2018 being at such a low level, one would assume that this would have the attention of the Boards of the respective organisations. However, only 51% of organisations indicated that regular Board level reporting was being undertaken in respect of GDPR readiness. Kang notes: “This figure is alarming, especially as the survey responses showed that 78% of organisations regarded GDPR compliance as more important than other compliance programmes.”
In terms of what organisations are actually doing to prepare for GDPR, 89% of respondents indicated that their organisations were involved in some form of data mapping or data flow activity. However, only 41% had a detailed GDPR compliance plan in place. The discrepancy between these figures is a concern, as Kang cautions: “Organisations need to be wary about just undertaking resource-intensive work on data mapping, without thinking about what they are going to do with the output of it, and how the activity is going to move them to compliance. Unfortunately, too many organisations are treating the data mapping as an end in itself, when in reality it’s just the start of what could be a very long journey.”
Software tools can assist with GDPR compliance and know-how, and Technology Law Alliance has developed its own GDPR compliance software tool, ‘Asimuth’, through its spin-off company, Asimuth Limited. Kang explains: “The feedback which we have received is that a lot of organisations are anxious about the perceived scale of the task, and some don’t know how to progress or continue with GDPR compliance – so we have developed Asimuth to help them with that – not only for initial compliance up to 25th May 2018, but also for ongoing compliance beyond that date.”
Although the survey results revealed that GDPR compliance is imposing clear challenges on organisations, over three-quarters of organisations saw GDPR compliance as a positive initiative. Organisations cited reasons such as: helping them focus more clearly on the way in which data is used internally; becoming more transparent with individuals with regard to use of their data; and improving security within their organisations. These benefits accord with the messages from the Information Commissioner’s Office (ICO), which is advocating that organisations embrace GDPR compliance.
The full GDPR Readiness Report (November 2017 edition), detailing additional survey results and analysis, is available free of charge for download from www.Asimuth.com