With enforcement of the EU’s General Data Protection Regulation (GDPR) just around the corner, preparations have begun. But, according to the “Getting to GDPR Compliance: Risk Evaluation and Strategies for Mitigation” report by the International Association of Privacy Professionals (IAPP) the survey found 84% of US organisations expect to be GDPR compliant when the regulation takes effect in May 2018, compared to 72% of EU organisations. Also, over a third of US organisations plan to be compliant by March 2018 – very organised! Whereas 24% of EU organisations will be ready at this time.
Rita Heimes, research director at IAPP, noted this lag as being down to “probably not having the right staffing and right budget to get up to speed in time.”
She added, “I think it’s a matter of resources. It looks as though the US organisations are appropriating quite a bit of resources towards compliance.”
Indeed, 25% of EU organisations cited inadequate budget as the top barrier to compliance barrier, while only 17% of US organisations said the same. Other barriers include; the complexity of GDPR regulation, there being too little time to become GDPR compliant and a lack of qualified staff.
In addition, the areas of GDPR identified as being the high-risk areas were international data transfer requirements, the need to obtain and manage consent of EU citizens before processing data, conducting data inventory and mapping, and maintaining records of data processing.
To mitigate these risks training, investments and deployment of compliance technology such as that provided through Osprey Cloud by Gravicus will be key to organisations in dealing with these very new level data protection obligations.
Sign-up to Gravicus Osprey to gain access to data management tools and resources, including our Whitepaper for CEOs on GDPR – An executive summary.
Telephone: 0203 858 0636
Simple and smart data management