Came across this really useful research conducted by AIIM in partnership with M-Files, and it makes fascinating and scary reading, with the main takeaways from this research as follows:
1. Thirty-two percent of respondents have GDPR projects in place preparing for the May 2018 enforcement. Six percent say they are fully prepared.
2. Twenty-three percent of respondents feel they will be fully prepared for GDPR by May 2018. Thirty-two percent will still be planning for GDPR.
3. Thirty-one percent of respondents cite data loss or exposure due to staff negligence or bad practices in the last 12 months. Sixteen percent cite internal or HR incidents due to unauthorised access.
4. Fourteen percent of respondents report exposure or loss of Personally Identifiable Information (PII) on customers or citizens as a result of data breaches. Ten percent report loss or exposure of employee data.
5. Twenty-six percent of respondents say they understand the issues related to the appointment of a Data Protection Officer (DPO). Nineteen percent indicated they are fully prepared to appoint a DPO.
6. Fifty percent of our respondents agree that GDPR requires a holistic approach across the enterprise. Thirty-nine percent feel that strong Information Governance (IG) practices are key to managing data privacy.
7. Seventy-four percent of respondents will focus on developing strong Information Governance (IG) policies. Fifty-seven percent will conduct awareness training and implement data cleansing exercises to ensure data quality and integrity.
The actual report is here:
well worth a read, but my alarm is that around 70% still have not done much, if anything, and also will not be ready come May 2018.
Some extracts are taken as follows: