With just a year to go until the General Data Protection Regulation (GDPR) comes into force, the countdown to compliance has begun, giving the channel a window of opportunity to go out to customers and give them a nudge about taking steps to protect their data.
In 365 days’ time, the GDPR rules will be enforced, but despite plenty of vendors discussing the issue – with roadshows, webinars and the like being dedicated to the topic – many customers have yet to take steps towards compliance.
A number of reports have been issued to coincide with the year-to-go countdown, and these provide an insight into just how much work remains to be done.
Research from DMA indicates that half of businesses will not be ready in time, and a quarter of those have not yet embarked on a GDPR plan.
“Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half,” said Chris Combemale, CEO of the DMA Group.
One of the problems identified by DMA is that of confusing messages from the regulators over exactly what steps customers need to take. The company has called for more transparency and clarity in the run-up to the introduction of the data protection regulation next year.
“As Britain’s role in the world changes, we must look at a global approach to free trade, with free movement of data at its heart and the UK at the centre. Britain, as the leading digital economy, is well placed to be this global centre of innovation, skills and competencies driving global economic growth. But we need clear guidance from regulators or risk the consequences come 25 May 2018,” said Combemale.
Lack of customer preparedness for GDPR was also the theme of research from the Blancco Technology Group, which found that UK organisations were behind in their preparations compared with their European counterparts, and most did not have solid data management practices in place.
“If an organisation cannot find its customers’ data, how will it be capable of erasing the data and complying with the EU GDPR’s requirements? Once it does finally locate its customers’ data, the next step is erasing the data permanently so that it can never be recovered,” said Richard Steinnon, chief strategy officer at Blancco.
“But as our study reveals, it’s quite common for organisations to use insecure and unreliable data removal methods, such as basic deletion and free data wiping software, which further undermines their security and compliance with EU GDPR.
“The first priority for all companies should be to gain a complete picture of all data collected, stored or processed that contains EU citizen and resident information,” he advised.
Between now and the arrival of GDPR there will be plenty of focus on the issue, and the advice to firms today is that there is still time left to work towards compliance, but this work must start now.
“With a year to go before the GDPR is implemented, it is a good time for businesses to pause and check that they will get to the finish line in time. Many companies are undertaking a detailed GDPR gap analysis or sophisticated data mapping, and while they can be useful tasks in themselves, it is worth re-examining them to see if they can be simplified to bring forward key remediation tasks,” said Ashley Winton, a partner at law firm Paul Hastings and chairman of the UK Data Protection Forum.
“For many companies, GDPR compliance will be greatly assisted by alterations to existing databases and technologies, so in the GDPR compliance triage an immediate focus on technology could be a lifesaver,” he added.
“In the UK, there will be no grace period for compliance with the GDPR, so with 365 days to go and counting, now is the time for businesses to re-assess their approach to becoming compliant.”