Two thirds of UK firms won’t be GDPR compliant by May 25
New research says UK companies are massively ill-prepared for this week’s General Data Protection Regulation (GDPR) enforcement deadline.
Less than a third (29%) of organisations surveyed by USB drive specialist Apricorn felt confident they would comply, and when questioned further and asked whether there were any areas they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.
Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance.
On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training, and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.
While one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.
The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%). However, 30% still worry they could fail to comply due to mobile working, and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption.
“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe,” said Jon Fielding, Managing Director, EMEA Apricorn. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.”