New research has revealed that more than a quarter of organizations (28%) do not feel completely compliant with the General Data Protection Regulation (GDPR), despite the 25 May deadline having now passed.
Security firm Imperva based its findings on a survey of 185 attendees at Infosecurity Europe 2018, with IT professionals, managers and executives among those polled.
When asked whether they thought they would pass their first GDPR audit, less than half of the respondents said they were very confident they would, while over one-third were somewhat confident and less than one-fifth were not confident.
With regard to knowledge of where the personal data of users resides in their systems, more than a third felt that they knew the location of such information, while more than half admitted that it would take them three months to get their house in order. Interestingly, though, almost 90% felt they could easily deal with subject data requests, with 57% saying their company had already received one.
“The deadline has now come and gone, yet the study shows that many organizations aren’t sure they have achieved GDPR compliance,” said Terry Ray, CTO of Imperva. “Any company that put GDPR off until the last minute now realizes compliance cannot be achieved overnight.”
Speaking to Infosecurity, Jonathan Armstrong, partner at Cordery, said that Imperva’s findings are not a surprise, “except for those who think they are very confident they would pass an audit.”
“It seems that many GDPR projects ran out of steam at the end of May with work still to be done,” he added. “We’re already seeing organizations get caught out – whether with a security breach, former employees or customers asking tough questions or an audit. It’s important to remember that GDPR compliance isn’t optional like some projects are. The volume of complaints we are seeing and the pro-active investigations of some regulators, like in the Netherlands, show us that GDPR compliance is as important now as it ever was.”