Many Orgs Face GDPR Noncompliance Without a Data Protection Officer

Author: Tony Imossi (Secretariat) | Filed under: General News

While the IT industry is preparing for the General Data Protection Regulation (GDPR), some organizations are still struggling with staffing for it—about a fifth (22%) haven’t yet hired a data protection officer (DPO).

That’s according to Imperva, in a survey of 310 IT security professionals taken at the Infosecurity Europe 2017 trade show. The firm also found that 52% of those that don’t have a DPO aren’t planning on hiring one until the second half of 2018 or beyond—after GDPR enforcement commences.

This, even though Article 37 of the GDPR requires any organization processing personal data on a large scale to retain an independent DPO.

“A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now,” said Terry Ray, CTO of Imperva. “The fact that a high percentage of respondents said they had already hired a DPO is encouraging. GDPR will rear its head in ways that nobody predicted, so engaging early and being ready for every possibility is absolutely crucial.”

Enterprises also said they may look to artificial intelligence or machine learning to ease the burden of GDPR compliance. More than half (55%) of those surveyed indicated that they believed this type of automation could reduce their workload in the next three to five years—and about 27% suggested it could even be within the next year or two.

The GDPR gives individuals in the EU more control over their personal data and is designed to make sure that their personal information is protected, even outside the EU. It applies to businesses that offer goods and services to data subjects in the EU or monitor behavior of data subjects in the EU, regardless of their industry or location of the business. It becomes effective on May 25, 2018.

Organizations failing GDPR compliance could face fines for certain violations, up to the greater of €20 million or 4% of total worldwide annual turnover.

In September, the UK is also expected to enshrine the GDPR into law as part of its Data Protection Bill.

Source: Info Security
