However, only 51% of organisations indicated that regular Board level reporting was being undertaken in respect of GDPR readiness
A recent General Data Protection Regulation (or GDPR) readiness survey undertaken by the leading specialist law firm, Technology Law Alliance, shows that only 18% of UK and multi-national organisations are ‘highly confident’ that they will meet the deadline next May, for compliance with the new GDPR. Jagvinder Kang, Co-founder and Director of Technology Law Alliance, comments: “On the face of it, this seems to be a shocking figure, but it can be understood if you consider the challenges which organisations are facing.”
The survey results showed that the biggest challenges which organisations face, are dealing with the large number of systems on which data is stored and processed, and the lack of internal resource and know-how about GDPR. Kang explains: “Large organisations have complex systems and interactions with large numbers of databases. Although some organisations may have thought that Cloud Computing would simplify IT conceptually, it can give rise to problems from a data protection perspective.” He continues: “Cloud technology creates geographical data protection issues with regard to where the data is stored, coupled with issues about the interactions between different databases. Furthermore, it can exacerbate the problem of ‘shadow IT’, where individuals within large organisations procure IT without the authorisation of their IT departments - thus creating additional ‘data silos’ that are parallel to the organisations’ own official systems.”
With regard to the lack of internal resource and know-how, Kang comments: “In organisations, individuals not only have to do their ‘day jobs,’ but also have to find time to deal with the tasks associated with compliance activities. Such tasks need to be clearly explained as well, taking into account that there can be complexities about how best to implement GDPR compliance at an organisational level.”
With the ‘high confidence’ figure for GDPR compliance by 25th May 2018 being at such a low level, one would assume that this would have the attention of the Boards of the respective organisations. However, only 51% of organisations indicated that regular Board level reporting was being undertaken in respect of GDPR readiness. Kang notes: “This figure is alarming, especially as the survey responses showed that 78% of organisations regarded GDPR compliance as more important than other compliance programmes.”
In terms of what organisations are actually doing to prepare for GDPR, 89% of respondents indicated that their organisations were involved in some form of data mapping or data flow activity. However, only 41% had a detailed GDPR compliance plan in place. The discrepancy between these figures is a concern, as Kang cautions: “Organisations need to be wary about just undertaking resource-intensive work on data mapping, without thinking about what they are going to do with the output of it, and how the activity is going to move them to compliance. Unfortunately, too many organisations are treating the data mapping as an end in itself, when in reality it’s just the start of what could be a very long journey.”
Software tools can assist with GDPR compliance and know-how, and Technology Law Alliance has developed its own GDPR software compliance tool, ‘Asimuth’, from their spin off company, Asimuth Limited (www.asimuth.com). Kang explains: “The feedback which we have received is that a lot of organisations are anxious about the perceived scale of the task, and some don’t know how to progress or continue with GDPR compliance - so we have developed Asimuth to help them with that – not only for initial compliance up to 25th May 2018, but also for ongoing compliance beyond that date.”
Although the survey results revealed that there are clear challenges which GDPR compliance is imposing on organisations, over three-quarters of organisations saw GDPR compliance as a positive initiative. Organisations cited reasons such as: helping them focus more clearly on the way in which data is used internally; becoming more transparent with individuals with regard to use of their data; and improving security within their organisations. These positive benefits accord with the messages which the Information Commissioner’s Office (or ICO) is advocating, for organisations to embrace GDPR compliance.
The full GDPR Readiness Report (November 2017 edition), detailing additional survey results and analysis, is available free of charge for download from www.Asimuth.com
Notes for Editors:
• In-house legal counsel from 100 different UK and multi-national organisations (the majority of which had 1,000+ employees and £100million+ annual turnover; with almost a third of the organisations having over a billion pound annual turnover) from a wide range of different industry sectors, were recently invited to participate in the survey, to share insights into their organisations’ GDPR readiness and the challenges which they are facing.
• Technology Law Alliance is recognised by the premier Legal Directories, Legal 500 and Chambers & Partners, as a leading specialist technology law firm, focussing on IT, outsourcing, data protection (including GDPR compliance) and e-commerce legal work. The law firm has offices in London and in Birmingham. The firm has advised on billions of pounds worth of technology transactions for large corporates and multi-nationals. The firm acts for both suppliers and purchasers of technology products and services. Clients include such well-known companies as: Weetabix, Capgemini, Jaguar Land Rover and Peugeot Citroen.
• Asimuth is a GDPR compliance software tool created by the Directors of Asimuth Limited, all of whom are also Directors of Technology Law Alliance: Jagvinder Kang, Jeremy Newton, Stephen Ollerenshaw and Gavin Wakefield – all of whom are recognised by the premier Legal Directories as leading UK technology lawyers.
• Jagvinder Kang is a Co-founder and Director of Technology Law Alliance and Asimuth. He is both a specialist IT Lawyer, as well as a Qualified Software Engineer (First Class BSc (Hons) Computer Science and Software Engineering). He is recognised by both Legal 500 and Chambers & Partners as a Top Tier technology lawyer. He is also recognised by Legal 500 in its ‘Elite List of Outstanding UK Technology Lawyers Nationwide’.
• Technology Law Alliance’s website: www.TLA.Legal
• Asimuth’s website: www.Asimuth.com
FOR FURTHER INFORMATION PLEASE CONTACT:
TEL: 0203 059 6091 - EMAIL: jagvinder.kang@TLA.Legal