Organisations don’t have clear processes and adequate technology to address the ‘right to be forgotten’, a new study by Blancco Technology Group suggests.
The study, entitled EU GDPR: A Corporate Dilemma, was published as the formal ratification of the EU General Data Protection Regulation draws closer.
It surveyed more than 500 global IT professionals in 20 different types of businesses, and the results are just in:
Some 40 per cent of surveyed professionals are unprepared for the GDPR, even though the awareness sits at 48 per cent. Of those unprepared, 16 per cent are looking for the right software and 9 per cent have no clue where to start. The icing on the cake are those 15 per cent that don’t even know if they’re prepared or not.
The GDPR is likely to be violated as businesses and IT professionals lack documentation, tools and processes. More than half (60 per cent) said it would take their business up to 12 months to implement processes needed for the right to be forgotten.
Most valuable technology is the software to erase data, followed by encryption key removal tools and malware removal tools.
“Because the EU GDPR negotiations stretched on for the last four years, many organizations held out hope that an agreement would be postponed, or if things went the way they hoped, the negotiating parties would never come to agreement,” said Pat Clawson, CEO of Blancco Technology Group. “But now that the EU GDPR is a reality and the new privacy rules will be ratified by the European Council in early 2016, many organizations have a considerable amount of work ahead of them to align their IT governance and data protection programs with both regulatory and customer demands.”
For businesses looking to fully comply, here's (PDF) what you need to do.