• by Ray Schultz , February 5, 2018

Canadian companies have yet to get up to speed on the General Data Protection Regulation (GDPR). Only 12% are ready for May implementation, and a mere 11% understand what personal data is, according to a study by Commvault.

Of those polled, 89% of companies and IT personnel admit they are confused by key elements of the GDPR.

In addition, 9% believe they can effectively anonymise their data, and 8% feel they can collate and move data to another organization at a consumer’s request, the company says. And 18% are able to delete data on request from all data stores. 

Only 16% feel confident that they can immediately find data on specific persons. Of those polled, 36% say it would take hours to collect this data, and 25% feel it would take days. Worse, 18% admit it would take weeks, and 5% say there is no way they can find this data.

This hampers their ability to comply with the GDPR’s Right to Be Forgotten — and GDPR itself. 

“As a result of this lethargy, it is highly likely that we will see a number of high profile organisations hitting the headlines for contravening GDPR soon after it comes into effect next May, mainly due to a lack of understanding of the data they hold and its relationship to GDPR,” commented Nigel Tozer, solutions marketing director EMEA.

The study also found:

• 21% have a good understanding of what GDPR means in practice
• 18% understand what data they have and where it lives
• 17% grasp potential impact of GDPR on the overall business
• 12% understood how GDPR would affect cloud services

Tozer concludes: “Unfortunately, there is still a big disconnect between business and IT leadership on GDPR, with the business thinking there is a switch to flick, and IT still thinking it’s a business process problem.”