ISACA research identifies GDPR compliance barriers, benefits
Rolling Meadows, IL, USA (16 May 2018)—The GDPR compliance deadline looms two weeks away, but only 29 percent of companies will be ready, according to a new global survey conducted by ISACA. Conducted last month, ISACA’s GDPR Readiness Survey provides a near-real-time look at readiness levels, top compliance barriers and expected readiness timeframes.
GDPR, a regulation out of the European Union, impacts entities doing business in or with the EU starting 25 May 2018. Not only are most unprepared for the deadline, but only around half of the companies surveyed (52 percent) expect to be compliant by end-of-year 2018, and 31 percent do not know when they will be fully compliant.
According to ISACA’s research, the top five challenges related to GDPR compliance are:
- Data discovery and mapping (59 percent)
- Prioritizing GDPR compliance among other business priorities (47 percent)
- Organizational education and change programs (45 percent)
- Ensuring cross-departmental collaboration and buy-in (42 percent)
- Preparation for data subject access or deletion requests (37 percent)
Cost was the seventh-highest concern, at 32 percent. About 27 percent say it will cost under US $1 million to become GDPR compliant, with 15 percent spending $1 million or more. More than half of the business technology professionals surveyed were unsure how much their organizations would be spending.
Among the survey’s most concerning findings is the level of employee education on GDPR and their role in compliance. Only 39 percent of respondents say their organizations’ employees have been educated to a satisfactory level about their responsibilities to maintain GDPR compliance.
“Employee awareness and education are critical components of ongoing GDPR compliance,” said Chris K. Dimitriadis, Ph.D., CISM, CRISC, CISA, past board chair of ISACA and chair of ISACA’s GDPR Working Group. “Awareness of—and commitment to—well-defined security, data management, and privacy policies and procedures clearly need to be an integral part of every organization’s culture, from the top down.”
The good news is that the majority of executive leaders recognize the importance of GDPR and its implications. According to the ISACA data, nearly 7 in 10 respondents (69 percent) believe their organization’s executives have made becoming GDPR-compliant a priority.
Organizations also expect to achieve significant benefits from GDPR compliance. The top three anticipated positive outcomes are:
- Greater data security (60 percent)
- Improved business reputation (49 percent)
- Marrying data security best practices with corporate culture (43 percent)
“One of the most practical and cost-effective ways organizations can support GDPR and other compliance requirements is to help employees understand the business value of the information they deal with on a regular basis,” said Tim Upton, CEO at TITUS, which sponsored ISACA’s survey and research report. “That way, employees become more aware of their responsibilities when it comes to handling and protecting data within the flow of work, providing added value to the ways organizations earn and maintain the trust of customers and employees.”
More information on the survey, including insights from GDPR experts, is available at www.isaca.org/gdpr-readiness-survey.
Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.
Michelle Micor, +1 .847. 385.7217, firstname.lastname@example.org
Kristen Kessinger, +1.847.660.5512, email@example.com