
65% of organizations will fail to meet critical GDPR compliance by deadline

Failure to comply with GDPR could result in a fine of €20 million. Here's what has organizations confused about the regulations.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • 65% of organizations are still not confident that their GDPR data will stay within the EU — Solix Technologies, 2018
  • 22% of organizations are unaware that they must comply with GDPR, even if they are based outside of the EU but hold data of EU citizens. — Solix Technologies, 2018

The May 25 deadline for the EU's General Data Protection Regulation (GDPR) is fast approaching, and all companies in the EU, as well as those that deal with EU residents, must comply with the new data privacy laws or face a fine. However, 65% of organizations are still not confident that their GDPR data will stay within the EU, according to a Tuesday report from Solix Technologies.

A recent UK government report found that fewer than half of businesses are aware of the upcoming GDPR laws, or what they mean for how information security is handled, as reported by our sister site ZDNet. This could pose a major financial problem for businesses, as non-compliance can result in fines of up to 4% of a company's global annual revenue, or €20 million, whichever is higher.

Today, 22% of organizations said they are unaware that they must comply with GDPR, even if they are based outside of the EU but hold data of EU citizens.


"Based on our survey data, it's clear that the majority of organizations are not currently prepared to meet GDPR requirements," John Ottman, executive chairman of Solix Technologies, said in a press release. "There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."

Confusion still reigns over the GDPR's "right to be forgotten," as noted by ZDNet. This right allows an individual to request the deletion or removal of personal data when there is no longer a "compelling reason" for it to exist, according to the UK's Information Commissioner's Office.

Some 65% of organizations said they are unsure if an individual's personal information is purged from all systems, forever, under this rule, the Solix report found. And 53% of organizations said they are not confident that processing of all personal data is based on explicit permission provided by the individual.

Further, 38% of organizations said that all their personal data under the new GDPR rules is not protected from misuse and unauthorized access at every stage in its lifecycle. And while 82% of organizations said they know where their sensitive data is stored, only 55% maintain audit trails for data consents, collections updates, and deletion.



About Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.
