Top Corporate Data Protection Challenges

The EU’s General Data Protection Regulation (GDPR) was enforced on May 25, 2018, but according to Top Corporate Data Protection Challenges, a CGOC survey of 132 compliance officers from organizations around the world and across multiple industries, only 6 percent of respondents felt their organizations were currently compliant with the impending regulation. Most organizations were concerned about their poor data disposal practices and their ability to demonstrate compliance.

This is surprising news given the amount of attention the regulation has received over the last couple of years. Organizations that have yet to begin a GDPR-readiness program are likely to face an even bigger surprise next year as they scramble through a more painful, disruptive and costly effort.

For years before the passage of the GDPR, we provided advice and resources to help organizations adhere to the European Data Protection Directive. However, the Directive created only a minimum standard and the response has been all over the map. Many countries implemented higher and different standards, leading to confusion, while some organizations have elected to risk incurring fines rather than invest in compliance. The GDPR now harmonizes all of the data protection laws in the EU to protect the personal information of its citizens and residents – and with that will likely come more consistent enforcement and penalties.

GDPR readiness compels organizations to know the type, value, and location of the information they store, and to delete, change or provide information as required by the regulation. The regular and automatic defensible disposal of information that has no legal, regulatory or business value is also important and can significantly reduce the burden on information asset managers to remain GDPR-compliant.

These activities are all part of the comprehensive and unified governance program that the CGOC has advocated for years. Such a program ensures the involvement of all information stakeholders, provides a single, centralized view of all information across the enterprise, and automates critical processes such as defensible disposal.

As companies realize they are behind on the next data regulation, they can count on the CGOC as a helpful resource for implementing information governance strategies and practices, including the Information Governance Process Maturity Model.

Key findings of the survey include:

  • Only 6 percent of respondents feel their organizations are compliant with GDPR requirements, and most organizations are concerned about being unable to demonstrate compliance and about revealing their poor data disposal practices. Organization size had no significant impact on GDPR readiness levels.
  • 34 percent of executives will sometimes let operational and cost concerns override compliance with data protection regulations.
  • 57 percent of organizations train staff on data protection compliance, with 25 percent doing regular training and audits.
  • 50 percent of respondents identify internal staff and practices as the biggest security threat vs. 38 percent who choose external hackers. Poorly classified content is the third highest concern.
  • Although 85 percent of respondents say fine-tuning a defensible disposal program will benefit data protection initiatives, 40 percent have not even started one.

Download the GDPR resource guide to discover how a Unified Governance program can create the foundation for successful GDPR compliance, while enabling improved business insight, increased productivity, and reduced cost and risk. Start your compliance journey today!