The May 25 deadline for the EU’s General Data Protection Regulation (GDPR) is fast approaching, and all companies in the EU as well as those that deal with EU residents must comply with new data privacy laws, or face a fee. However, 65% of organizations are still not confident that their GDPR data will stay within the EU, according to a Tuesday report from Solix Technologies.
A recent UK government report found that less than half of businesses are aware of the upcoming GDPR laws, or what they mean for how information security is handled, as reported by ZDNet. This could pose a major financial problem for businesses, as non-compliance can result in fines of up to 4% of a company’s global annual revenue, or €20 million, whichever is higher.
Today, 22% of organizations said they are unaware that they must comply with GDPR if they hold data of EU citizens, even when they are based outside of the EU.
“Based on our survey data, it’s clear that the majority of organizations are not currently prepared to meet GDPR requirements,” John Ottman, executive chairman of Solix Technologies, said in a press release. “There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers.”
Confusion still reigns over the GDPR’s “right to be forgotten,” as noted by ZDNet. This right allows an individual to request the deletion or removal of personal data when there is no longer a “compelling reason” for it to exist, according to the UK’s Information Commissioner’s Office.
Some 65% of organizations said they are unsure if an individual’s personal information is purged from all systems, forever, under this rule, the Solix report found. And 53% of organizations said they are not confident that processing of all personal data is based on explicit permission provided by the individual.
Further, 38% of organizations said that all their personal data under the new GDPR rules is not protected from misuse and unauthorized access at every stage in its lifecycle. And while 82% of organizations said they know where their sensitive data is stored, only 55% maintain audit trails for data consents, collections updates, and deletion.