Waterford Technologies GDPR Survey

GDPR Survey 

GDPR legislation will come into full effect on May 25th 2018, enshrining full accountability for personal Data Protection. Processing, retaining and sharing Data which contains personal or personal sensitive information will be subject to stringent new rules and all organisations handling Data will need to be prepared for this. Waterford Technologies conducted a survey on our client base and the wider marketplace during October and November 2017 and some of the findings were surprising, even for our experts who deal with Data Management issues every day. 

Survey Delivery

In October and November 2017, we carried out a survey with a focus on Data Management, Compliance and GDPR.

We polled 2,050 decision makers from our client database and across many industries in Ireland, Europe and the UK in the following roles:

  • IT Directors and Managers
  • Data Protection Officers
  • CIOs
  • Compliance Managers
  • Legal representatives

From the 1,500 responses, we summarised the findings of this survey to spotlight the challenges that organisations experience at the moment in terms of Data Protection and especially GDPR readiness and preparation.

GDPR Compliance

Massive Email “Fail”

Although organisations still conduct the vast majority of business communications through email, a staggering 87% of survey respondents had not made any proper planning provision for dealing with email for GDPR. Either completely overlooking email or wrongly considering it to be within the Structured Data category as opposed to Unstructured Data (which it is), was the biggest single surprise.

50-50

Just around half (51%) of our respondents already have a properly developed Data Management plan in motion for GDPR, leaving a very tight timeline for the remainder to get a strategy and begin work on a project to align to the new legislation coming out in May. Responsible people will need to act early and fast in 2018 to get off the blocks.

Personal Data

82% of emails can be classified as containing Personal Data which is subject to GDPR audit and compliance. Worryingly, 52% of survey respondents revealed that there was not a complete awareness of the potential results of non-compliance with GDPR regulations on Personal Data.

Data Management Challenges

Selected Data Management responses from our GDPR Survey

  1. Momentum – Does an Active GDPR Project exist?

  2. Ownership – The GDPR Data Management project will not belong solely to IT decision makers.
    Ownership of GDPR Data Project
  3. Focus – What Data is in your scope for the GDPR project?Data Under Scope
  4. Internal awareness of GDPRInternal GDPR Awareness
  5. The consequences of not complying with GDPRAwareness of Consequences of Non-Compliance

Key Survey Takeaways

  • Overall, there is a large proportion of unreadiness for GDPR across all sizes of organisation with almost half of respondents indicating that a project had not started at the time of the survey. We expect this to change rapidly in the first weeks and months of 2018 as the May deadline approaches.
  • Forgetting that email, the lifeblood of business, is under scope for GDPR will be no excuse if a DSAR (Data Subject Access Request) is received or when a Data breach or compliance audit happens. Make a plan for email now!
  • Ownership of the project to ensure GDPR compliance will involve different functions from across the organisation.
  • Taking accurate “stock” of which Data is in focus for projects and GDPR audits has clearly not been enough of a priority for most survey respondents yet.
  • Understanding what Unstructured Data is and how much of it exists on Email and File servers is critical to making plans to deal with it and achieve compliance.
  • Limiting the amount of Personal Data sitting on the organisation’s servers will greatly decrease the possibility of non-compliance.

Data Project for GDPR Readiness

As we have discussed recently in our blog, the GDPR data project need not be a massive undertaking and our team of Data Management experts stand ready to assist you in your journey to compliance.

Scheduled audits, surprise inspections and post-breach investigations are all on the table and with the sheer level of “noise” around the whole GDPR introduction, it is easy for procrastinators to be confused by the number of options out in the market offering “silver bullets” to deal with it.

Finding where Personal Data is located on servers is a challenge that needs to be addressed immediately before GDPR comes into play and also on an ongoing basis to ensure that Unstructured Data compliance is maintained.

Practical Focus for GDPR Projects 

“GDPR and its potential fines are or are about to be the hot topic of conversation for all EU organisations in the coming weeks and months, with lots of promises and scare mongering, but not much in the way of fact and reality.” says Gary White, CIPP/E, Data Management Consultant with Waterford Technologies.

“GDPR is in reality the enforcement of existing data protection and compliance rules that have been almost completely ignored by organisations for years and which have now been updated and enforced via fines. GDPR will require organisations to look at multiple vendors to provide and comprehensive solution, as the fact remains that no one company can solve all their needs and a lot of companies are spreading fear by focusing on the wrong areas.”

White prefers to look at a practical focus for meeting compliance needs “Waterford Technologies via ComplyKEY focus on one key area, Unstructured Data or the day to day data of all organisations – email and file – to you and me. Accounting for anywhere between 70 and 80% of all data held by organisations, this is simply too critical to ignore, but unfortunately that seems to be the case as more and more organisations look at the Headline items from GDPR such as breach notification or data transfers and not the true daily headaches such as DSAR, analysis, retention and discovery”

 

About Waterford Technologies 

Waterford Technologies assists thousands of client organisations globally to proactively manage Unstructured Data (email and file) to best practice compliance standards. We enable organisations to make Data decisions based on their facts – bringing Unstructured Data to light and enabling analysis, plans and immediate action on the findings. 

We do not claim to solve all your GDPR headaches but will enable clients to meet requirements for Unstructured Data, which makes up roughly 80% of all business Data. That is a huge tick in the GDPR readiness journey!

We tailor a solution for your GDPR Unstructured Data requirement at a reasonable price point for your organisation, providing the expert advice and the toolset to allow you to achieve GDPR compliance for email and file.

Talk to our experts today

Waterford, Ireland  (January 8, 2018)

Take Our Unstructured Data Challenge

New Year, New You…

It is the first week of January and naturally we are being bombarded across all media with offers of health and fitness products and services to repair any festive damage. A huge amount of advertisements, peer pressure and reality TV shows will focus minds on meeting the challenge of getting fit for the year ahead.

Unstructured Data Challenge

Unstructured Data Challenge

Just like people, organisations can get bloated over time and a surplus of Data can clog the virtual arteries of business value. It is bad enough when the Data is Structured (in a database or CRM system) and therefore easily found but this can become a chronic problem when it involves the largely unseen Unstructured Data (email and file) that is generated on a constant basis in the normal course of doing daily business. Normally this is a challenge in itself but this year, we have the GDPR coming into force at the end of May.
Continue reading “Take Our Unstructured Data Challenge”

Email Continues to Grow Exponentially

Messaging Options Grow

It is 2017 and we are spoiled for choice in terms of business communication. Whether it is internal work group collaboration or external correspondence with customers and prospects, the options for interaction continue to grow. In such a landscape, with chatbots, IM, video calls, social media messaging all freely available, it would be forgivable to mentally write off the “old school” email as a thing of the past. However, recent research has shown that not only has email not declined in popularity but contrarily has continued to grow exponentially.

Why is this happening and how is it being managed by organisations already deluged by Data?
Continue reading “Email Continues to Grow Exponentially”

Unstructured Data – A Growing Problem

What is Unstructured Data?

Data Management is appearing very regularly in the mainstream media at the moment – for good reasons (GDPR and legislation to properly safeguard personal Data) and bad reasons (front page headline Data breaches and fines), the term “unstructured Data” is now used a lot outside of its traditional IT/Compliance setting. It can sometimes lead to some confusion over what exactly the term means, what is counted as Unstructured Data, how much of it typically exists  in an organisation, how to find where it is and, naturally, how to deal with it.
Continue reading “Unstructured Data – A Growing Problem”

10 Things To Avoid Having on Email

Avoid Unnecessary Hassle

It is good business (or common) sense to avoid using certain information, terms and content on your business systems. Besides leaving yourself and your organisation open to legal problems if a case were to come up, the daily headlines of massive Data breaches means that what you might think will never be seen outside of your network could be front page tabloid headlines tomorrow!
Continue reading “10 Things To Avoid Having on Email”