With the GDPR deadline fast approaching at the end of this month, 28 percent have not even begun to work toward the May 25 deadline, and 60 percent of businesses affected by the GDPR are unsure they’ll meet it, according to Crowd Research Partners.
The post-May challenge for a lot of businesses is how they can sustain their efforts and prove their compliance to regulators. Recent research from consultancy EY reveals 40% of executives are not even fully aware of what is expected of them. The stakes are high, as businesses will have to pay fines of 4 percent of their annual global turnover or €20 million if they experience a data breach.
Mark McGregor, a former industry analyst and now Head of Strategy at business process management firm Signavio, comments: “GDPR is the biggest shake-up in data protection but firms still are not waking up to the fact that it’s real, it’s coming, fast, and it is not just a Data Management Issue. All too often we engage with clients who have just realised that aspects of GDPR such as ‘right to be forgotten’ and how to use the data you hold is a process issue, not a data issue. It’s not about rushing to the finish line but having a sustainable long-term approach, and this means that as well as good data management practices, you need clearly defined processes that are shared with everyone in the organisation who may come into contact with, use or otherwise manage customer data.”
Given the complexity of the current data ecosystem, compliance is no small task for many global businesses.
Mark continues: “Many organisations are not looking beyond May, which means that the work you are doing in the run-up becomes quickly outdated if it’s not sustained. It’s about changing the mind-set across the business so employees can take personal responsibility and collaborate to keep data up-to-date. Who better to help shape the process than those on the ground?
“GDPR does not go into a huge amount of detail about what firms need to be doing, either in terms of how data is captured or about the level of detail needed to demonstrate compliance. Some companies are just ticking regulatory boxes whilst others are trying to genuinely change the way they are using data across their businesses to provide maximum value both internally and externally.”
Mark comments: “It is not unheard of for regulators to fine companies – who turn out to have been compliant – simply because those companies do not have the documentation to prove it. Full visibility on how data is being captured, processed and analysed is needed to demonstrate full compliance.”
“Even in a scenario where you’re quite content that you’re doing everything right, it all boils down to whether you can show it. Without proof, you’re opening yourself to high penalties which can easily be avoided.”