Survey: Only 7% of Businesses GDPR-Compliant as Deadline Looms, Data Privacy Gains Prominence
Thursday, May 10th, 2018
In the wake of the Facebook and Cambridge Analytica data misuse, public attention to the importance of data privacy has been heightened. Yet, with only a month until the General Data Protection Regulation deadline goes into effect– 93 percent of respondents to a new survey from business analytics leader SAS say they are not yet fully GDPR compliant.
Less than half (46 percent) of the global organizations surveyed reported that they expect to be compliant when GDPR goes into effect May 25. Among surveyed U.S.-based organizations just 30 percent expect to meet the deadline. The EU is slightly more prepared, with 53 percent of the EU organizations surveyed expected to meet the deadline.
The GDPR gives EU residents privacy rights that give them greater control over how companies handle their personal data. Any organization that is storing or processing data on EU residents may have GDPR compliance obligations, even if the organization isn't in the EU.
In February, SAS conducted a global survey of 183 business people in a wide variety of industries who have a role in preparing their organizations for GDPR. The survey highlights the biggest challenges and opportunities organizations face on the road to GDPR compliance.
"The demand for data privacy is not going away. We want to make sure organizations are ready to help their customers understand how their data is being used," said Todd Wright, Senior Product Marketing Manager at SAS. "To do that, organizations need to engage every element of their business operations in a long-term GDPR and privacy program. Just leaving it up to IT to figure out is a recipe for failure."
Though the survey shows that most organizations are not ready for the fast-approaching GDPR deadline, they are working to become compliant (93 percent have a plan in place or expect to have one). And the majority of respondents anticipate benefits for their organizations that will result from their efforts to become GDPR compliant.
"Consumers are now demanding the kind of trust that GDPR requires," Wright said. "Organizations that comply will have much stronger data management that leads to increased productivity and a better understanding of how to serve their customers."
In fact, 84 percent of all respondents and 91 percent of European Union respondents said they expect GDPR to improve their data governance. Sixty-eight percent of respondents also anticipate that GDPR will increase trust between them and their customers. Improved personal data quality, enhanced organizational image, and a move toward a data-driven organization were additional benefits organizations expect to gain by GDPR compliance.
Additional highlights from the survey include:
-
Fifty-eight percent of global respondents have a structured plan in process to comply with GDPR and another 35 percent are planning to have one. This is up from SAS' 2017 survey, which found that less than half (45 percent) of respondents had a structured plan in place to comply with GDPR.
-
However, 15 percent of U.S. respondents and 4 percent of EU respondents said their organization had no plans to develop a structured process to comply with GDPR.
-
To get a GDPR compliance plan in place, organizations need help. Seventy-five percent of respondents said that they have obtained or plan to obtain legal or consulting support.
-
Sixty-three percent said GDPR will have a significant effect on how their organization conducts business.
-
Identifying all sources of stored personal data, followed by acquiring the skills to manage GDPR compliance, were listed as the top challenges organizations face in preparing for GDPR.
-
Additionally, almost half of the respondents (49 percent) reported that GDPR would have a significant impact on their organizations artificial intelligence projects.
-
Establishing informed consent, logging and presenting to auditors with details on the use of profiling, and requiring human involvement in AI decisions are the three compliance requirements that are most concerning to participants regarding their artificial intelligence projects.
-
Seventy-five percent of respondents also expect GDPR compliance to have a significant effect on their IT operations.