Two in three CIOs yet to formulate ‘comprehensive’ GDPR strategy


Businesses have been warned, and they have previously been shown up for lacking the required knowledge of the European Union General Data Protection Regulation (GDPR). Now, a new piece of research from mainframe firm Compuware argues that more than two thirds of organisations do not have a comprehensive plan in place for how they will act.

The research, which quizzed 400 CIOs across Europe and the US, found that just over half (55%) of European businesses believe they are ‘well-briefed’ on the GDPR, while 63% argued data complexity is a major hurdle in achieving compliance with the new regulations.

The new rules, which come into effect on May 25 2018, concern users’ ‘right to be forgotten’, their right to know when their data has been hacked, and their right to transfer data to another service provider without the fear of vendor lock-in. The first of these is a particular concern in the research; only 52% of companies said they could comply with it right now.

Perhaps most worryingly, 68% of those polled said they ‘can’t always know where customer data is’ due to the complexity of modern IT. The use of outsourcing and mobile technology makes this more difficult, the research notes; these were cited by 81% and 63% of respondents respectively. That said, over half (51%) of CIOs say they can locate all of an individual’s personal data quickly.

“To comply with the GDPR, businesses need to keep stricter control of where customer data resides,” said Dr Elizabeth Maxwell, Compuware EMEA technical director. “If they don’t have a firm handle on where every copy of customer data resides across all their systems, businesses could lose countless man-hours conducting manual searches for the data of those exercising their ‘right to be forgotten’.

“Even then, they may not identify every copy, leaving them at risk of non-compliance.”

Any UK businesses thinking that the Brexit vote means they don’t have to comply with the new regulations will be in for a rude awakening. Speaking to this publication before June’s referendum, Jonathan Mepsted, UK managing director at Netskope, argued that under the legislation, if you are looking to do business in the European Union, you are in. The Compuware research also found that more than half (52%) of US businesses hold European customer data, meaning they are also liable.