6 in 10 organizations view their employees as the biggest threat to successful GDPR adherence and 4 in 10 believe that their current IT systems could also pose compliance risks, according to a GDPR awareness survey conducted by bluesource. The study also highlighted that, even though half (50%) are taking steps to prepare for GDPR compliance, nearly a third (30%) still believe that the regulations won’t affect them, and a fifth (20%) are not sure what to do next.
Over 80% of respondents stated that, with the deadline for GDPR compliance rapidly approaching, they are facing a major challenge, including increased security and governance around cloud environments such as Office 365 and shadow IT. 80% of those surveyed felt that big tech vendors have a responsibility to ensure that their own systems will meet GDPR regulations, as well as those of their customers, but are unsure how this will be achieved.
The increased financial impact of fines and the expected frequency of their enforcement, is a major concern for most surveyed. An overwhelming 90% indicated that a non-compliance fine would result in huge reputational damage for their organization and a loss of trust from customers, suppliers and staff.
Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.
On a more positive note, 45% of those surveyed have already nominated a member of a specific departmental function, including legal, compliance and IT security, to be solely dedicated to privacy and GDPR initiatives. However, 20% haven’t considered selecting a nominated person yet and 35% believe that finding a suitably qualified and experienced individual will be a challenge.
Sean Hanford, information governance consultant at bluesource, commented: "Our research across UK organizations indicates that there still remains a gap between GDPR awareness and action. There must be a swift attitude change towards data protection and staff clearly require better skills, so they become more data savvy."