UK efforts to comply with GDPR hit by 'triple whammy'
Information Commissioner Elizabeth Denham may be optimistic that UK companies will be compliant with GDPR before next May's deadline, but most firms do not share her view, with a new study exposing a "triple whammy" of roadblocks to compliance.
The report by Citrix, based on a survey of 500 IT decision makers at companies across the UK with 250 or more employees, cites three major issues affecting GDPR compliance, data sprawl, the influx of personal customer information and uncertainty around data ownership.
It found that the average UK business now uses 24 systems to manage and store personal data, with one in five using 40. Meanwhile almost half share personal data from customers with other businesses.
On a daily basis, large enterprises collect data from 577 individuals, with 25% collecting data from more than 1,000 people every day.
And despite the fact that almost two-thirds store and manage personal data based on predictive analytics, they could not agree who owns the data. A quarter think the customer is the owner, while half think it is the company.
“GDPR will do far more than strengthen data privacy rights. The regulation will set a high bar for responsibility and accountability – and not one that every business will meet,” commented Chris Mayers, chief security architect at Citrix.
“While many British organisations are taking steps to achieve compliance in time for the May 2018 deadline, our research clearly reveals some significant obstacles, including uncontrolled data sprawl and lack of understanding around data ownership.”