According to the Veritas 2017 GDPR Report, which covers the UK, US, France, Germany, Australia, Singapore, and Japan, almost one-third (31%) of businesses believe that their company already conforms to the legislation's key requirements. However, when they were asked about specific GDPR provisions, a whopping 98% fell way short.
The findings reveal a catalogue of failings: almost half (48%) of organisations who stated they are compliant do not have full visibility over personal data loss incidents, while 61% of the same group admitted that it is difficult for their organisation to identify and report a personal data breach within 72 hours of awareness – a mandatory GDPR requirement.
In addition, some 50% of so-called compliant organisations said that former employees are still able to access internal data. Meanwhile, one-fifth (18%) admitted that personal data cannot be purged or modified, and a further 13% conceded that they do not have the capability to search and analyse personal data to uncover explicit and implicit references to an individual. They are also unable to accurately visualise where their data is stored, because their data sources and storage facilities are not clearly defined.
Veritas vice president of Northern Europe Jason Tooley said: “The results today show that more education is needed on the tools, processes and policies to support information governance strategies that are required to comply with the GDPR requirements.
“Creating an automated, classification-based, policy-driven approach to GDPR is key to success and will enable organisations to accelerate their ability to meet the regulatory demands within the short time frames available.”