GDPR legislation will come into full effect on May 25th 2018, enshrining full accountability for personal Data Protection. Processing, retaining and sharing Data which contains personal or personal sensitive information will be subject to stringent new rules and all organisations handling Data will need to be prepared for this. Waterford Technologies conducted a survey on our client base and the wider marketplace during October and November 2017 and some of the findings were surprising, even for our experts who deal with Data Management issues every day.
In October and November 2017, we carried out a survey with a focus on Data Management, Compliance and GDPR.
We polled 2,050 decision makers from our client database and across many industries in Ireland, Europe and the UK in the following roles:
- IT Directors and Managers
- Data Protection Officers
- Compliance Managers
- Legal representatives
From the 1,500 responses, we summarised the findings of this survey to spotlight the challenges that organisations experience at the moment in terms of Data Protection and especially GDPR readiness and preparation.
Massive Email “Fail”
Although organisations still conduct the vast majority of business communications through email, a staggering 87% of survey respondents had not made any proper planning provision for dealing with email for GDPR. The biggest single surprise was that respondents were either overlooking email completely or wrongly considering it to be Structured Data, when it is in fact Unstructured Data.
Just around half (51%) of our respondents already have a properly developed Data Management plan in motion for GDPR, leaving a very tight timeline for the remainder to get a strategy and begin work on a project to align to the new legislation coming out in May. Responsible people will need to act early and fast in 2018 to get off the blocks.
82% of emails can be classified as containing Personal Data which is subject to GDPR audit and compliance. Worryingly, 52% of survey respondents revealed that there was not a complete awareness of the potential results of non-compliance with GDPR regulations on Personal Data.
Data Management Challenges
Selected Data Management responses from our GDPR Survey
- Momentum – Does an Active GDPR Project exist?
- Ownership – The GDPR Data Management project will not belong solely to IT decision makers.
- Focus – What Data is in your scope for the GDPR project?
- Internal awareness of GDPR
- The consequences of not complying with GDPR
Key Survey Takeaways
- Overall, a large proportion of organisations of all sizes are not ready for GDPR, with almost half of respondents indicating that a project had not started at the time of the survey. We expect this to change rapidly in the first weeks and months of 2018 as the May deadline approaches.
- Forgetting that email, the lifeblood of business, is under scope for GDPR will be no excuse if a DSAR (Data Subject Access Request) is received or when a Data breach or compliance audit happens. Make a plan for email now!
- Ownership of the project to ensure GDPR compliance will involve different functions from across the organisation.
- Taking accurate “stock” of which Data is in focus for projects and GDPR audits has clearly not been enough of a priority for most survey respondents yet.
- Understanding what Unstructured Data is and how much of it exists on Email and File servers is critical to making plans to deal with it and achieve compliance.
- Limiting the amount of Personal Data sitting on the organisation’s servers will greatly decrease the possibility of non-compliance.
Data Project for GDPR Readiness
As we have discussed recently in our blog, the GDPR data project need not be a massive undertaking and our team of Data Management experts stand ready to assist you in your journey to compliance.
Scheduled audits, surprise inspections and post-breach investigations are all on the table and with the sheer level of “noise” around the whole GDPR introduction, it is easy for procrastinators to be confused by the number of options out in the market offering “silver bullets” to deal with it.
Finding where Personal Data is located on servers is a challenge that needs to be addressed immediately before GDPR comes into play and also on an ongoing basis to ensure that Unstructured Data compliance is maintained.
Practical Focus for GDPR Projects
“GDPR and its potential fines are, or are about to be, the hot topic of conversation for all EU organisations in the coming weeks and months, with lots of promises and scaremongering, but not much in the way of fact and reality,” says Gary White, CIPP/E, Data Management Consultant with Waterford Technologies.
“GDPR is in reality the enforcement of existing data protection and compliance rules that have been almost completely ignored by organisations for years and which have now been updated and enforced via fines. GDPR will require organisations to look at multiple vendors to provide a comprehensive solution, as the fact remains that no one company can solve all their needs and a lot of companies are spreading fear by focusing on the wrong areas.”
White prefers to look at a practical focus for meeting compliance needs: “Waterford Technologies via ComplyKEY focus on one key area, Unstructured Data or the day to day data of all organisations – email and file – to you and me. Accounting for anywhere between 70 and 80% of all data held by organisations, this is simply too critical to ignore, but unfortunately that seems to be the case as more and more organisations look at the Headline items from GDPR such as breach notification or data transfers and not the true daily headaches such as DSAR, analysis, retention and discovery.”
About Waterford Technologies
Waterford Technologies assists thousands of client organisations globally to proactively manage Unstructured Data (email and file) to best practice compliance standards. We enable organisations to make Data decisions based on their facts – bringing Unstructured Data to light and enabling analysis, plans and immediate action on the findings.
We do not claim to solve all your GDPR headaches but will enable clients to meet requirements for Unstructured Data, which makes up roughly 80% of all business Data. That is a huge tick in the GDPR readiness journey!
We tailor a solution for your GDPR Unstructured Data requirement at a reasonable price point for your organisation, providing the expert advice and the toolset to allow you to achieve GDPR compliance for email and file.
Waterford, Ireland (January 8, 2018)