Veritas study: Organisations believe they are GDPR compliant

Veritas found that organisations across the globe ‘mistakenly’ believe they comply with the upcoming General Data Protection Regulation (GDPR)

The multi-cloud data management company’s report, The Veritas 2017 GDPR, found that 31% of survey respondents believe that their enterprise conforms to the legislation’s key requirements, although when questioned about GDPR provisions, the majority said they are unlikely to be in compliance; with 2% revealing a distinct misunderstanding over regulation readiness.

The findings showed that 61% of respondents think it’s difficult for their organisation to identify and report a personal data breach within 72 hours of awareness, and 48% said they are compliant without full visibility over data loss incidents; although organisations that don’t report the theft or loss of personal data is breaking key requirements.

‘Avoiding reputational damage and financial loss’

Jason Tooley, Vice President at Veritas, said: “Organisations who actively focus on development of a culture of data confidence will have a clear business advantage. Customer and supplier confidence in the use of data is critical to improved customer engagement, greater personalisation and ultimately service quality. This allows organisations to turn GDPR from being a regulatory challenge to being a business differentiator.”

Organisations struggle to control former employee data access and to ensure that reputational damage and financial loss is avoided, therefore former employees corporate data should be deleted to help stem malicious activity, although the report highlights that 50% of former employees are still able to access internal data.

‘Ensuring data compliance in the cloud’

“The complexity created through the management of data across multiple cloud and on-premise environments is accentuating the challenge and will inhibit an organisation’s ability to remain compliant in the face of the GDPR articles. For every organisation that’s currently struggling to make sense of the GDPR’s provisions, it should immediately seek an advisory service to audit its levels of preparedness and create a smooth and accelerated path towards total compliance,” added Tooley.

13% of survey respondents concluded that they do not have the capability to analyse and search personal data to uncover explicit and implicit references to an individual; with 49% believing that companies that comply with GDPR consider it the sole responsibility of the cloud service provider, ensuring data compliance in the cloud.

900 businesses across the US, the UK, France, Germany, Australia, Singapore, Japan and the Republic of Korea were interviewed for the report in February and March 2017.

Written by Leah Alger