The GDPR’s “right to erasure” (53%), “data protection by design and by default” (42%), and “records of processing activities” (39%) are cited as among the biggest challenges organisations face in achieving compliance. This is according to the GDPR Preparation and Challenges Survey Report from Cloud Security Alliance (CSA), the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Netskope, a leader in cloud security and a CSA Corporate Member, commissioned CSA to assess the preparedness of organisations across a wide spectrum of industries in terms of their ability to meet the May 25, 2018, European Union General Data Protection Regulation (GDPR) compliance deadline.
“With enforcement of the new regulation beginning in a matter of weeks, not months or years, and with serious monetary penalties at stake, security and privacy can no longer be an afterthought,” said Netskope CEO Sanjay Beri. “Alarmingly, 27 percent of survey respondents reported having little to no familiarity with the GDPR even with the deadline for compliance a little more than a month away. This holds serious implications for enterprises as well as their customers.”
“Even though the articles of the GDPR have been published since April 2016, understanding how to meet those requirements remains a barrier for many organisations,” said Jim Reavis, CEO, Cloud Security Alliance. “Together with Netskope, we wanted to add to the industry’s knowledge and preparedness of GDPR and highlight the GDPR’s impact on the industry.”
The survey drew over 1,000 respondents, who addressed GDPR challenges in their organisations in such areas as their ability and confidence to achieve compliance; what—if any—organisational plans they have in place; which technology solutions and mechanisms are being used to meet GDPR requirements; what they consider to be the most challenging elements of GDPR in terms of compliance; and the impact of GDPR on company plans for the adoption of new technologies, provider relationships, and budgets.
Among the report’s key findings are:
- Documentation of data-collection policies (68%), codes of conduct (56%), and third-party audits and assessments (55%) are among the most common tools being used to demonstrate GDPR compliance.
- Thirty-one percent of companies have well-defined plans for meeting GDPR compliance, 85 percent have something in place, and 73 percent have begun executing that plan.
- Fifty-nine percent of companies are making GDPR a high priority. Even so, more than 10 percent of companies still have no defined plan to prepare for GDPR.
The survey questionnaire was distributed to the open community from January 25 to February 21, 2018, and collected responses from a total of 1,129 respondents, which were used to analyse organisational awareness and preparedness on GDPR for this report.
Download the full GDPR Preparation and Challenges Survey Report.