2018 is the year the General Data Protection Regulation (GDPR) kicks in. But how many organisations will be ready by the May 25 deadline?
According to a survey run by multinational cyber-security provider Kaspersky Lab, only half of SMEs in the UK and EU are even aware of the GDPR and only a quarter are ready for it; many more haven’t begun their preparations for compliance.
If you consider that the survey targeted organisations of more than 50 employees, it’s probably safe to assume that smaller organisations are even further behind in their preparations.
Compliance takes time
The requirements set out by the GDPR will involve careful coordination between departments, and time to implement the changes to accommodate them. Think of all the personal data being processed across different departments, from marketing and sales to HR and IT.
Each department may be using a different app to perform its tasks – such as marketing automation tools for marketing departments and CRMs for sales departments. Compiling a complete inventory of all data subjects and personal data held on them will take a lot of time and effort.
The process begins with an organisation undertaking a gap analysis to determine where the data protection shortfalls are in its systems. Each process that involves personal data may need to be adjusted or possibly redesigned to ensure personal data is being collected, stored and processed in accordance with the new data protection regulation.
Compliance is ongoing
What some organisations may not realise is that data protection isn’t a project with a start and end date. It’s an ongoing requirement that needs a framework in place to ensure personal data is secure. The other thing organisations may not know is that the GDPR isn’t only about data security – it includes governance policies and processes, plus employee education, all of which take time to implement.
Time may be running out until May 2018 but, luckily, tools like GDPR365 exist to make the compliance process easier for organisations.
If you haven't yet started, you should schedule for a free demo of a GDPR compliance tool.