Data applications provider Solix Technologies on Tuesday released the results of its General Data Protection Regulation (GDPR) readiness assessment survey, revealing that the majority of organizations are not prepared for May 2018 GDPR enforcement.
GDPR regulates how organizations collect, store, use, process, transfer and delete the information of EU residents, and it applies even to organizations in the United States that do business with residents of the European Union. Non-compliance can result in fines of up to 4% of the company’s global annual turnover or €20 million, whichever is higher.
Solix's study -- conducted between October and December 2017 with IT professionals at more than 100 companies -- suggests that 65% of organizations are unable to comply with GDPR or unsure whether an individual’s personal information is purged from all systems forever, and 22% are unaware that they must comply with GDPR even if they are based outside of the European Union (EU) but hold the data of EU citizens.
Among the companies surveyed, 65% are not confident that their GDPR data will remain within the EU. Some 53% are not confident that processing of all personal data is based on explicit permission provided by the individual. And while 82% know where their sensitive data is stored, only 55% maintain audit trails for data consents, collections updates, and deletion.
The data also shows that 38% of organizations say that all their personal data under the new GDPR rules is not protected from misuse and unauthorized access at every stage in its lifecycle. And 64% of organizations do not have a Data Protection Officer (DPO).