GDPR Todd Goldman July 26, 2017

If You’re Prepared for GDPR, You’re as Rare as an Endangered Species

Well, well. Apparently when it comes to the European Data Protection Regulation (GDPR), you’re ill prepared and might not even know where to begin.

Okay, maybe you do know where to begin. Maybe, as far as GDPR goes, you and your company are just fine.

If so, you’re about as rare as the northern hairy-nosed wombat. (As of 2013, there were less than 200 of those cuddly little creatures.)

To be sure, according to a recent survey issued by Experian and the Ponemon Institute, only 9 percent of the companies they queried are prepared for GDPR. Half of them don’t even know where to start. Experian and Ponemon said these organizations are even “intimidated” by the new regulation. They don’t have the understanding to properly address the organizational changes they need to make in order to comply.

Furthermore, the study discovered that 56% of the companies surveyed had experienced a data breach just within the past five years. Stunning, right? What’s even more stunning is that 32% of companies still don’t have a response plan in place. So, basically, the bad guys have proven they can break in, take their data, and a third of our organizations admit they don’t know what to do about it. No wonder when half of respondents said their existing security solutions are outdated. Meanwhile, only 38% of those surveyed felt their C-level executives consider their global privacy and data protection regulations as a top priority.

Let’s be clear: these are top priorities.

Let’s be clear about something else: security and compliance go hand in hand. If your data isn’t secure, your data isn’t compliant.

And to that 34 percent that apparently told Experian and Ponemon that they’re preparing for GDPR by closing some overseas operations, I have something to tell you: this will do nothing to protect your organization from regulations affecting your data. What matters is the citizenship of the user whose data is being housed—not where that data is being housed.

For the uninitiated, GDPR is a set of laws that will give consumers an unprecedented amount of control over how their personal data is used. Breaking GDPR protocols could cost organizations as much as €20,000,000 or 4% of their total worldwide revenue (whichever is higher). And as I’ve written about in the past, how can businesses comply with such regulations when they don’t know what and where most of their data is even located? How can they comply when so much of that dark data is unsecure?

Lest we forget, this is what Waterline Data helps companies do. We help our customers shine a light on their data so it is no longer dark. So it can be governed for the sake of both security and compliance as well as put to use for the business.

If you are interested in learning more about data catalogs and GDPR, here is a  white paper by Sunil Soares of Information Asset, a leading data governance consulting firm .

In the meantime, the good news for you, Miss or Mister Reader—and any other folks that may already be prepared for GDPR)—is while you may be as rare as an endangered species (sorry about that), you can at least be sure you’re among the smarter rascals who won’t be going anywhere anytime soon.