Research shows improved GDPR readiness, but 62% of businesses still at high risk of non-compliance fines

A new research by Compuware Corporation shows that UK and European firms are least prepared to comply with GDPR readiness.

Compuware Corporation, the world’s leading mainframe-dedicated software company, today released new research revealing that, despite making progress over the past 12 months, the majority of European and U.S. businesses are still inadequately prepared to comply with the new EU General Data Protection Regulation (GDPR), due to be enacted next year.

Key findings include:

• 67% of European organisations say they are well-briefed on the GDPR and the impact it will have on the way they handle customer data; an improvement from 55% when the same question was asked last year.
• Of the 94% of U.S. organisations that possess European customer data, 88% claim to be well briefed on the GDPR and its impact on the way they handle that data; a significant rise from the 73% who responded affirmatively when asked the same question last year.
• Only 38% of all respondents have a comprehensive plan in place for how they will comply with GDPR, leaving the majority at risk for non-compliance fines. This is only a slight improvement from the 33% who had a comprehensive plan in place last year.

However, the findings reveal that U.S. organisations are better prepared for the EU GDPR than their European counterparts. 60% of U.S. respondents with European customer data said they have a detailed and far-reaching plan in place, marking a slight rise from 56% that had plans last year. The UK was least prepared, with just 19% of organisations having a detailed plan in place, rising only slightly from 18% when the question was asked last year.

“Businesses are clearly heading in the right direction on GDPR compliance, but there is still a long way to go in a very short timeframe,” said Dr Elizabeth Maxwell, PDP, Technical Director, EMEA, Compuware. “UK businesses may be behind due to initial uncertainty over the impact of Brexit. But any organisation doing business in Europe will need to fall into line by the May 2018 deadline. Failure to comply could lead to devastating consequences should a data breach occur, something all too common given the growth of cybercrime and insider threats.”

Compliance hurdles

Identifying the areas of biggest concern, 56% of all respondents said that data complexity and ensuring data quality are the two biggest hurdles they will need to overcome to achieve GDPR compliance.

In addition, 75% of organisations said the complexity of modern IT services means they can’t always know where all customer data resides, whilst just over half (53%) said they could locate all of an individual’s data quickly, as will be required to comply with the “Right to be Forgotten” mandate included within the GDPR. Most worryingly of all, nearly a third (31%) admitted that, at present, they couldn’t guarantee they would be able to find all of a customer’s data.

“It will be impossible to comply with the GDPR’s ‘Right to be Forgotten’ if organisations can’t find customer data,” continued Maxwell. “Due to its security and scalability, most large organisations store most of their customer data on the mainframe. This data usually resides in a complex rabbit warren of databases spanning multiple systems, and organizations use manual, time-consuming methods to find and extract it. Businesses need an automated way to map and visualise data relationships, so they can quickly find the specific and relevant data and delete it, without needing specialist skills.”

Commissioned by Compuware and conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies covering a cross-section of vertical markets in France, Germany, Italy, Spain, the UK and the U.S.