GDPR: Only One in Three Businesses are Compliant - Here's What is Holding Them Back
Arthur T Knackerbracket has found the following story:
Under one in three organisations are fully compliant with the General Data Protection Regulation, despite the privacy legislation coming into force across Europe almost a year and a half ago.
Consultancy firm Capgemini surveyed over 1,000 compliance, privacy and data protection personnel and found that despite three quarters of them having previously been confident about being compliant by the time GDPR came into force in May 2018, that isn't the case in reality and many are still struggling to adhere to the legislation.
Now just 28% of those surveyed believe they're fully GDPR compliant - despite regulators being willing to issue heavy fines.
The UK's Information Commissioner's Office (ICO) has already issued a record fine of £183m to British Airways for what it concludes to be "poor security arrangements", which led to personal data of half a million customers being stolen by hackers in a cyberattack disclosed in September 2018.
"For many organisations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held. As a result, only the most focused organisations had completed their GDPR readiness by the time the legislation came into force," Chris Cooper, head of cybersecurity practice at Capgemini, told ZDNet.
[...] The Capgemini survey found that of those organisations that are fully GDPR-compliant, 92% of executives from these firms believe that being so has given them a competitive advantage by enabling them to improve customer trust, customer satisfaction and brand image, with all of this helping to boost revenue.
GDPR-compliant organisations also point to benefits behind the scenes, with around four in five of those surveyed of the opinion that being compliant with data protection regulation has helped improve IT systems and cybersecurity practices throughout the organisation.
"Organisations need to promote a data protection and privacy mindset among employees and integrate advanced technologies to boost data discovery, data management, data quality, cybersecurity, and information security efficiencies," said the report.
[...] "The introduction of GDPR was not a deadline but the start of an ongoing process and there is a lot more work to be done. That said, we will not hesitate to act in the public's best interests when organisations wilfully or negligently break the law," said an ICO statement.