Canadian companies have yet to get up to speed on the General Data Protection Regulation (GDPR). Only 12% are ready for May implementation, and a mere 11% understand what personal data is, according to a study by Commvault.
Of those polled, 89% of companies and IT personnel admit they are confused by key elements of the GDPR.
In addition, 9% believe they can effectively anonymise their data, and 8% feel they can collate and move data to another organization at a consumer’s request, the company says. And 18% are able to delete data on request from all data stores.
Only 16% feel confident that they can immediately find data on specific persons. Of those polled, 36% say it would take hours to collect this data, and 25% feel it would take days. Worse, 18% admit it would take weeks, and 5% say there is no way they can find this data.
This hampers their ability to comply with the GDPR’s Right to Be Forgotten — and GDPR itself.
“As a result of this lethargy, it is highly likely that we will see a number of high profile organisations hitting the headlines for contravening GDPR soon after it comes into effect next May, mainly due to a lack of understanding of the data they hold and its relationship to GDPR,” commented Nigel Tozer, solutions marketing director EMEA.
The study also found:
Tozer concludes: “Unfortunately, there is still a big disconnect between business and IT leadership on GDPR, with the business thinking there is a switch to flick, and IT still thinking it’s a business process problem.”