AvePoint Media Contact

Nicole Caci
Tel: +1 201-201-8143
Email: nicole.caci@avepoint.com

Know Your Data: 2nd Annual GDPR Readiness Report Reveals That 60% of Organizations Are in the Dark

The report, “Organisational Readiness for the European Union General Data Protection Regulation (GDPR),” by AvePoint and CIPL shows that more strides must be made in many key aspects of GDPR implementation.

Jersey City, NJ – March 26, 2018AvePoint, an industry leader in data protection solutions, and the Centre for Information Policy Leadership (CIPL), a global privacy and cybersecurity think tank, published the 2nd annual Organisational Readiness for the European Union General Data Protection Regulation (GDPR) report today. The report tracks GDPR implementation efforts of over 235 multinational organizations.

The GDPR establishes formal regulations around data protection for organisations located in the European Union (EU) and organisations that have an EU presence. Penalties for non-compliance with the new rules can result in fines of up to 4 percent of annual global revenue or €20 million. This year’s GDPR assessment is pivotal, with the GDPR effective date less than two months away.

Companies and Their Data Knowledge

The GDPR Readiness Report underlines how knowledgeable organizations are about their data contents and the data lifecycle. The report shows that knowledge levels vary widely among different aspects of GDPR implementation.

Approximately 60 percent of survey respondents are in the dark about the sensitive and confidential content they hold within their data and how it’s used or treated. Conversely, knowledge levels surrounding data security are increasing with two-thirds of organizations reporting that they have internal breach notification procedures in place. More than half report having a response plan and team in place.

“The report shows that companies are not where they need to be in terms of compliance efforts. GDPR merely exacerbates how much oversight is needed to enforce changes down to the individual level,” said AvePoint Chief Risk, Privacy and Information Security Officer Dana Simberkoff. “The long road ahead is quickly becoming a short path as we approach the May 25, 2018 date. This assessment magnifies areas that need major improvement. Knowing where you are on the GDPR readiness scale is half the battle.”

Comprehensive Programs and Consent

Compared to the previous 2017 report, building and maintaining a comprehensive privacy compliance program remains one of the highest areas of impact on organizations on the road to GDPR compliance. More than half of respondents have committed additional budget to GDPR implementation, with increases ranging from hundreds of thousands of dollars to upwards of $50 million. Organizations report technology tools and software as the number one priority for GDPR focused budget spending.

Survey data shows that respondents still rely heavily on manual methods for building and maintaining inventories of their data processing. For example, 60 percent of organizations do not have any procedures in place to identify and tag data.

“GDPR implementation consists of multiple layers of complexity,” said Bojana Bellamy, President, Centre for Information Policy Leadership. “The survey reveals that while some progress has been made in preparation for 25 May 2018, there is more work to be done by organisations that will have to step up their implementation efforts across many key change areas. Reviewing data management strategies, building new comprehensive compliance programs, and putting in place new systems, processes and procedures to facilitate the changes are crucial to successful GDPR implementation.”

Other Key Findings

  • More than a third of organizations have no framework or procedures in place to identify and classify risk to different individuals; an equal number of organisations are working on developing such a framework.
  • Approximately 32 percent of organizations have committed additional staff to their GDPR implementation efforts, an increase from under a quarter as noted in the previous report.
  • Over half of survey respondents have operations in the U.S.

Learn more at the IAPP Global Privacy Summit

CIPL President, Bojana Bellamy, AvePoint’s Chief Risk, Privacy and Information Security Officer Dana Simberkoff, and Vice President of Product Strategy John Hodges will be available during the International Association of Privacy Professionals (IAPP) Global Privacy Summit held at the Walter E. Washington Convention Center in Washington, D.C., March 27-28.

Join Simberkoff and Hodges for the session, “Metadata is a Love Note to the Future (And Will Help You Comply With GDPR!)” on Tuesday, March 27, 4:15-5:30 p.m. ET.

Additionally, join Bellamy for the session, “Regulating for Results: Effective Use of Both Carrot and Stick” on Wednesday, March 28, 8:00-9:00 a.m. ET.

To access the full report, visit the AvePoint website. To gauge GDPR compliance progress, visit the AvePoint Privacy Impact Assessment (APIA) System website.

À propos d'AvePoint

AvePoint permet aux clients de collaborer en toute confiance. Les solutions de gestion des données d'AvePoint aident sa clientèle mondiale diversifiée à surmonter les défis complexes de transformation, de gouvernance et de conformité dans le cloud Microsoft. Cinq fois lauréat du prix Microsoft Partner de l'année, AvePoint propose la seule suite complète de solutions SaaS pour migrer, gérer et protéger les données dans Microsoft 365.

Plus de 9 millions d'utilisateurs du cloud, dont un quart des Fortune 500, comptent sur les solutions d'AvePoint. Les solutions SaaS d'AvePoint sont également disponibles pour les fournisseurs de services, afin qu'ils puissent mieux soutenir et gérer leurs petites et moyennes entreprises.

Ses solutions multi-utilisateurs sont disponibles auprès de plus d'une douzaine de distributeurs sur plus de 100 marchés cloud dans le monde.

Fondé en 2001, AvePoint se situe à Jersey City, New York. Pour plus d'informations, visitez le site https://www.avepoint.com/fr/.

Centre for Information Policy Leadership (CIPL)

The Centre for Information Policy Leadership (CIPL) works with industry leaders, regulatory authorities and policymakers to develop global solutions and best practices for privacy and responsible use of data to enable the modern information age. CIPL was founded in 2001 by leading companies and Hunton & Williams LLP to develop innovative, pragmatic approaches to privacy and data security policy that consider the requirements of business processes and concerns surrounding information protection. More details about CIPL can be found at www.informationpolicycentre.com, and you can follow us on Twitter and LinkedIn.

Hunton & Williams LLP

Hunton & Williams is a global law firm of more than 725 lawyers serving clients in the United States, Europe, Latin America, and Asia. The firm handles transactional, litigation, and regulatory matters for a diverse client base, with significant experience in privacy and cybersecurity, retail and consumer products, energy, financial services, and real estate. Visit our website at hunton.com and our Privacy and Information Security Law Blog at huntonprivacyblog.com. Follow us on Twitter, LinkedIn, and YouTube.

All product and company names herein may be trademarks of their registered owners.