Skip to main content

Only a fifth of UK large businesses are ready for GDPR

(Image credit: Image source: Shutterstock/Wright Studio)

Less than a fifth of large UK and multi-national organisations say that they are highly confident they’ll meet GDPR compliance requirements on time, a new report says. 

According to the General Data Protection Regulation survey conducted by Technology Law Alliance, just 18 per cent of companies will be ready for GDPR in May 2018.

The report says that a large number of systems that tore and process data, as well as the lack of internal resource and know-how, are these companies’ biggest challenges.

The report also says this problem isn’t exactly drawing the full attention of the Boards in respective organisations, even though it should be. “With the ‘high confidence’ figure for GDPR compliance by 25th May 2018 being at such a low level, one would assume that this would have the attention of the Boards of the respective organisations,” it says.

Yet 51 per cent of respondents said regular Board level reporting was undertaken in respect of GDPR readiness.

Businesses aren’t sitting idly, though. Almost nine in ten (89 per cent) were involved in ‘some form of data mapping’. Four in ten (41 per cent) have a detailed GDPR compliance plan in place.

Jagvinder Kang, co-founder and director of Technology Law Alliance, comments: “On the face of it, this seems to be a shocking figure, but it can be understood if you consider the challenges which organisations are facing.”

“Large organisations have complex systems and interactions with large numbers of databases. Although some organisations may have thought that Cloud Computing would simplify IT conceptually, it can give rise to problems from a data protection perspective.” 

“Cloud technology creates geographical data protection issues with regard to where the data is stored, coupled with issues about the interactions between different databases. Furthermore, it can exacerbate the problem of ‘shadow IT’, where individuals within large organisations procure IT without the authorisation of their IT departments - thus creating additional ‘data silos’ that are parallel to the organisations’ own official systems.”

Image source: Shutterstock/Wright Studio