Those of you in your 40s and 50s may remember the movie Breakin’. Then again, you probably don’t.
Released May 4, 1984, it eventually out grossed Sixteen Candles—a film I’m certain you do remember—$39M to $24M.
The sequel, Breakin’ 2: Electric Boogaloo, followed the original by a mere nine months. As far as I can tell, that’s a modern box office record.
But we at Waterline Data have that beat. (Blog-wise, anyway.) Just two weeks after presenting our initial MakeBigDataWork poll results in what has become known throughout the industry as our “Carpenters post”, we’re following up with some new data that shows 59% of the data professionals we polled can’t confidently explain the ins and outs of the General Data Protection Regulation (GDPR), which takes effect in May next year.
Of those who are more familiar with GDPR is (we hope), less than 20% of organizations have been able to define their “personal data” to ensure proper governance and reporting for GDPR.
Is this surprising? Perhaps not. The enterprise/tech media has documented a staggering lack of readiness from all quarters. But, here’s the thing. Some of the surveys that reporters get their information from are being taken by employees within organizations who may not have the depth of internal knowledge to rightfully say just how prepared or unprepared their organizations are. They might not fully know.
The data professionals we queried, on the other hand, should know. GDPR readiness is, specifically, their problem. And when we asked them about their progress in defining personal data, 39% said they’re at least working on it while 42% said they’re not working on it.
More troubling is when you combine this data with the everyday conversations we have with the same data professionals: as US-based multinationals, many are surprised to discover (or will continue to argue) that GDPR even applies to them. This despite the fact that the “Territorial Scope” section of GDPR (Article 3) says the regulation applies to the processing of personal data of “data subjects” residing in the European Union. In other words, if you have customers who reside in the EU, you’re bound by GDPR.
But the reality is most US-based organizations are still just getting their arms around understanding GDPR. The Chief Data Officer (or his or her equivalent) needs to help other senior management understand the requirement and work to align data management professionals with the legal and compliance professionals within the company. Oh, except according to our research, very few (13%) multinational organizations employ a CDO! In fact, 26% at least have someone acting as CDO, but the bulk of organizations—62%—aren’t even considering a CDO-type hire, which again isn’t all that surprising and is actually even somewhat heartening if you look at it from the perspective that the term “Chief Data Officer” was only just coined a couple of years ago.
Okay, so CDO aside, where are the organizations that are familiar with GDPR in the overall GDPR preparation process? Take a look for yourself:
In looking at the data above, you may wonder, “Where’s the purple bar for completions?” Well, there isn’t one. Once again, not a big surprise. Nor the fact that nearly a third of organizations haven’t even started. But let’s remember these are the folks who at least have some familiarity with GDPR and realize it’s something they need to tackle.
They’re like Turbo trying to figure out how to breakdance on the ceiling. But like the gravity-defying Breakin’ dancer, they’re sure to figure it out. As for the 59% who perhaps half jokingly (and half not) admit they’re barely even aware of GDPR’s existence, time’s a tickin’.