Though the Deadline Has Passed, Most Organizations Are Still Not Ready for GDPR
According to new global research from ISACA, only 29% of respondents said their organizations would be fully EU General Data Protection Regulation (GDPR) compliant by the deadline of 25 May 2018. The GDPR impacts entities doing business in or with EU member countries. Last month, ISACA conducted a GDPR Readiness Survey that provides a near-real-time look at readiness levels, top compliance barriers and expected readiness timeframes.
Not only are most organizations unprepared for the deadline, but only about half of those surveyed (52%) expect to be compliant by end-of-year 2018, and 31% do not know when they will be fully compliant.
According to ISACA’s research, the top 5 challenges related to GDPR compliance are:
Data discovery and mapping (59%)
Prioritizing GDPR compliance among other business priorities (47%)
Organizational education and change programs (45%)
Ensuring cross-departmental collaboration and buy-in (42%)
Preparation for data subject access or deletion requests (37%)
Among the survey’s most concerning findings is the level of employee education on GDPR and their role in compliance. Only 39% of respondents say their organizations’ employees have been educated to a satisfactory level about their responsibilities to maintain GDPR compliance.
The good news is that the majority of executive leaders recognize the importance of GDPR and its implications. According to the ISACA data, nearly 7 in 10 respondents (69%) believe their organization’s executives have made becoming GDPR-compliant a priority.