You may remember that in May, the EU activated the GDPR legislation that requires firms to follow much stricter privacy rules and offer customers more control over their data. Despite the time that has passed since then, 28% of firms told an Imperva Survey that they don’t feel like they’d pass a GDPR audit today.
The troubling findings reveal that less than half of surveyed organisations say they are confident they’d pass a GDPR audit, while slightly more than one-third were somewhat confident, and one-fifth said they were not confident.
Discussing the findings, Terry Ray, CTO at Imperva, said:
“The deadline has now come and gone, yet the study shows that many organizations aren’t sure they have achieved GDPR compliance. Any company that put GDPR off until the last minute now realizes compliance cannot be achieved overnight. It does not surprise me that many organizations feel unsure about the idea of a GDPR audit. The truth is many would fail.”
One of the big aspects of GDPR is that users now have a right to see their data that a company holds on them. Ninety-percent of respondents claimed that they could easily respond to requests from individuals who asked for their information, and 57% had actually received such a request. Despite this, only around a third said they knew where personal data resided on their systems and that more than half would need an extra three months to “get their house in order.”
The data was collected by Imperva from 185 attendees at the Infosecurity Europe 2018 conference. While the number of respondents isn’t huge it could signal a wider problem among organisations. Those that do not sort out their issues will likely get slapped with a fine at some point down the line. However, many firms operating outside the EU, including the likes of the LA Times have decided to suspend online operations in the European Union while they (presumably) get themselves GDPR-compliant.