60% of businesses are not ready for GDPR

GDPR is only 3 short months away, but according to new research many businesses are unprepared and unaware of the potential fines for non-compliance, or the amount of work that needs to go into preparing for compliance.

A huge 60% of respondents to the Populus survey say they are not “GDPR ready”, despite the limited time remaining until the regulation comes into force. Only 35% are aware of the severe impact the heaviest GDPR fines – 2-4% of global turnover, or €10m-€20m, whichever is higher – could have on their business.

A particular standout statistic in the report is the time it’ll take to comply with GDPR. The report concluded that businesses will get, on average, 89 GDPR enquiries (or subject access requests) a month – likely to be requests regarding what data your business holds on the individual, right-to-be-forgotten requests and updates to personal information. This figure rises to 246 for large companies (defined as having over 250 employees). 

To respond to those 89 enquiries a month – and don’t forget, under GDPR businesses will have only 30 days to fulfil these requests – employees would have to search, on average, 23 databases. Each database search is estimated at 7 minutes; this equates to 172 hours per month, which means the average business will need one employee dedicated full-time to GDPR enquiries. For the larger businesses with 246 enquiries a month, that figure goes up to 1259 hours a month and would require 7.5 employees solely focused on GDPR enquiries and subject access requests.

Fewer than half of respondents said they were “very confident” they know where all of their data is stored, while 12% said they weren’t confident at all. A further 15% don’t believe they’ve accounted for all of their databases that contain Personally Identifiable Information (PII). Read our blog on discovering your PII data.

We know that it’s completely unrealistic for businesses to employ an extra 7 people solely for the purpose of database searching and that the process is prone to human error, so is there a way to automate this essential task?

The answer is yes.

Combining two best-in-class data solutions and TSG’s expertise, the PII Discovery Tool automates every process covered in this research. Firstly, intelligent metadata solution TermSet will search your databases, documents, file shares and anywhere else you might be storing PII data, and match up anything that contains any of its 21 pre-built PII data taxonomies, which include identifying information like names, dates of birth and credit card numbers. You can also create your own taxonomies that TermSet will identify, such as customer ID numbers.

Once TermSet identifies where you have PII stored and what that PII is, next-generation business intelligence platform Qlik Sense will allow you to search all of that data and very quickly identify the areas in which a person’s data is stored. You can also see additional vital information such as who has access to the data and how secured it is. In addition to this granular information, you can get high-level overviews, including how much of the data you’ve searched contains PII and the most common types of PII held in your data.

We’re offering a FREE trial of this tool so you can test it out and see if it fits with your business – sign up for the PII Discovery Tool free trial now.

The manual work involved in these processes could be impossible to manage. It’s highly unlikely that even huge enterprises will hire at least 7 new employees for the sole purpose of dealing with GDPR enquiries, and it’s a strain that could prove too large for those who don’t. The process is also incredibly prone to human error; your dedicated staff could search high and low in your systems and chances are they’d miss something. The data might have been transferred elsewhere by an employee. There might be a shadow IT-purchased legacy system that they’re unaware of. There are just too many unknowns, and even a dedicated team would be very costly to the business.

By deploying a ready-made solution, you could dramatically reduce the costs associated with GDPR enquiries, increase your staff productivity and remove any room for human error. With Discover+ you could use this tool for GDPR compliance and as your business’ core business intelligence platform; it’ll provide you with a sophisticated company-wide BI and analysis tool.

Many businesses are seeing GDPR as an opportunity to evaluate their processes, procedures and IT infrastructure setup. The survey also revealed that 39% of businesses of all sizes are planning to overhaul their IT systems and databases; this figure rose to two-thirds for large companies. Whilst compliance is essential to avoid financial penalties from the Information Commissioner’s Office (ICO), you can also use it to your advantage by improving your business’ cyber security and onboarding tools that can have a wider business impact.

What next?

We’re hosting a webinar on how you can use technology to aid your GDPR compliance, particularly in regard to your processes, and we’ll be providing a live demo of our PII Discovery Tool. Sign up to our GDPR Processes webinar now, where you can have all of your burning questions answered.

Our dedicated GDPR section has lots of useful resources to help you understand what is required of you under GDPR, and some first steps to take.