A couple of weeks ago, the CEO at Waterline Data sent me an article featuring some really interesting GDPR survey data from Varonis Systems. Since then, I’ve been dying to write about it, so here goes.
If you haven’t seen the research yourself, the big takeaway was this: 75% of the IT decision makers polled admitted it will be a struggle for their organizations to be in compliance with GDPR before the May 25, 2018 deadline. As staggering as this figure is, it didn’t surprise me. But what did surprise me was that 42% say GDPR simply isn’t a priority—even despite the threat of severe penalties (up to €20M or 4% of total worldwide annual revenue of the preceding year, whichever is higher).
This is simply astounding. When in business is the potential loss of 20 million euros not a priority? When the challenges to protect that 20 million are insurmountable, apparently.
And here are the particular challenges 90% of IT decision makers say are preventing them from adhering to GDPR rules in time:
- GDPR Article 17: 55% survey respondents admit it will be tough meeting the “right to be forgotten” article, which requires businesses to erase certain personal information when requested by the individual
- GDPR Article 30: 52% say this will be a challenge, because they have a hard time identifying personal data, understanding who has access, who has been accessing, and more
- GDPR Article 32: 50% say they will have a problem complying with the security of processing, which requires businesses to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
As many organizations are beginning to realize, keeping data in a permanent state of compliance can be extremely difficult. Organizations may keep track of their most critical systems but often lack a comprehensive catalog of all their data, including development, test, production, data warehouse, and backup systems. The good news is Waterline Data specifically resolves the top two challenges mentioned in the Varonis survey and will soon have a solution out that resolves the third.
If you, too, are feeling pessimistic about your organization’s ability to meet GDPR rules in time, download this free white paper (from our sponsor Waterline Data), which addresses:
- How to identify data protected by GDPR across all data sources
- How to locate data that must be “forgotten”
- How to determine where protected data came from, where it’s going, and its total lineage
- How Waterline Data helps automate the process of identifying and controlling access to GDPR-regulated data