Top Concerns Include Inability to Demonstrate Compliance and Revealing Poor Data Disposal Practices
AUSTIN, Texas – Oct. 31, 2017 – The CGOC (Compliance, Governance and Oversight Council) today released the results of a survey and accompanying infographic that reveal most enterprises are not ready to comply with the EU’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. According to Top Corporate Data Protection Challenges, a survey of 132 compliance officers from organizations around the world and across multiple industries, only 6 percent of respondents feel their organizations are currently compliant with the upcoming regulation. The results also indicate most organizations are concerned about their poor data disposal practices and ability to demonstrate compliance, key elements of GDPR readiness. Organization size had no significant impact on readiness levels.
For years before the passage of the GDPR, the CGOC focused on advice and resources to help organizations adhere to the European Data Protection Directive. However, because the Directive created only a minimum standard, many countries implemented higher and different standards, leading to confusion. The GDPR now harmonizes all of the data protection laws in the EU to protect the personal information of its citizens and residents. GDPR readiness compels organizations to know the type, value, and location of the information they store, and to delete, change or provide information as required by the regulation. Successful readiness is also aided by the regular and automatic defensible disposal of information that has no legal, regulatory or business value, a practice that can significantly reduce the burden on information asset managers to remain GDPR-compliant.
“A comprehensive and unified governance program is one of the main pillars of GDPR readiness because it ensures the involvement of all information stakeholders in the program, provides a single, centralized view of all information across the enterprise, and automates critical processes such as defensible disposal,” said Heidi Maher, CGOC Executive Director. “As organizations build momentum for their GDPR-readiness programs, CGOC can be a helpful resource for implementing information governance strategies and practices.”
Key Survey Results
· Only 6 percent of respondents feel their organizations are compliant with GDPR requirements, and most organizations are concerned about the inability to demonstrate compliance and revealing their poor data disposal practices.
· 34 percent of executives will sometimes let operational and cost concerns override compliance with data protection regulations.
· 50 percent of respondents identify internal staff and practices as the biggest security threat vs. 38 percent who choose external hackers. Poorly classified content is the third highest concern.
· Although 85 percent of respondents say fine-tuning a defensible disposal program will benefit data protection initiatives, 40 percent have not even started one.
The complete Top Data Protection Challenges Survey results and infographic can be downloaded here.
About CGOC (Compliance, Governance and Oversight Council)
CGOC (Compliance, Governance and Oversight Council) is a forum of over 3,600 legal, IT, privacy, security, legal, records and information management professionals from corporations and government agencies. CGOC publishes reference guides and articles and conducts primary research. Its Benchmark Reports have been cited in numerous legal opinions and briefs and its ILG Leaders Guide has been widely referenced and adopted by organizations. CGOC has been advancing governance practices and driving thought leadership since 2004. For more information go to www.cgoc.com.