Canadian companies have yet to get up to speed on the General Data Protection Regulation (GDPR). Only 12% are ready for May implementation, and a mere 11% understand what personal data is,
according to a study by Commvault.
Of those polled, 89% of companies and IT personnel admit they are confused by key elements of the GDPR.
In addition, 9% believe they can effectively
anonymise their data, and 8% feel they can collate and move data to another organization at a consumer’s request, the company says. And 18% are able to delete data on request from all data
stores.
Only 16% feel confident that they can immediately find data on specific persons. Of those polled, 36% say it would take hours to collect this data, and 25% feel it would take
days. Worse, 18% admit it would take weeks, and 5% say there is no way they can find this data.
This hampers their ability to comply with the GDPR’s Right to Be Forgotten — and
GDPR itself.
“As a result of this lethargy, it is highly likely that we will see a number of high profile organisations hitting the headlines for contravening GDPR soon after it
comes into effect next May, mainly due to a lack of understanding of the data they hold and its relationship to GDPR,” commented Nigel Tozer, solutions marketing director EMEA.
The study
also found:
- 21% have a good understanding of what GDPR means in practice
- 18% understand what data they have and where it lives
- 17% grasp potential impact of GDPR on
the overall business
- 12% understood how GDPR would affect cloud services
Tozer concludes: “Unfortunately, there is still a big disconnect between business and IT
leadership on GDPR, with the business thinking there is a switch to flick, and IT still thinking it’s a business process problem.”