GDPR 'right to be forgotten' still confusing many organisations

null

The deadline for GDPR is getting closer by the minute, however many organisations are still ill-prepared for the many new rules set to come into place. 

According to new research from Solix, this includes widespread confusion over what the 'right to be forgotten' really means, and how it should be put into practice.

Solix claims that two thirds of organisations are unsure if the user's data should be deleted from all systems, forever. And less than half (43 per cent) don't have properly set-up deletion mechanisms and confirmation checks.

More than four in five (82 per cent) don't even know where their most sensitive data is stored, and 55 per cent maintain audit trails for data consents.

"It's clear that the majority of organizations are not currently prepared to meet GDPR requirements," said John Ottman, Executive Chairman of Solix Technologies. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

GDPR, or General Data Protection Regulation, is an EU directive that will come into force on May 25 2018. It aims to regulate how businesses collect, store, secure and share personal data of its EU users.

Those businesses that fail to comply with these regulations are looking at hefty fines - €20 million, or up to four per cent global annual turnover, whichever is greater.

Image source: Shutterstock/Wright Studio