[ad_1]
Despite being given two years' notice to comply with the GDPR, only half of the companies complied before May 25, 2018, according to a DataGrail survey.
The report "The Age of Confidentiality: The Cost of Continuous Compliance" analyzes the operational impact of the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as sharing information on lessons learned and attitudes towards privacy regulations. .
DataGrail surveyed more than 300 decision-makers in the United States regarding privacy management; including IT professionals, operations, security, law, risk and compliance.
"Companies without a European presence have not been affected by the GDPR. However, as ACCP approaches, US companies without GDPR face the same challenges as multinationals with GDPR, "said Daniel Barber, co-founder and CEO of DataGrail.
"Most of the companies said they have taken at least seven months to be ready with the GDPR, but now that CCPA is no more than seven months from now, they realize that their systems will not be compatible with ACCP and other upcoming regulations on privacy protection. Companies will need to integrate and operationalize their privacy management to avoid time-consuming and error-prone manual processes to comply with these regulations. "
GDPR compliance took longer than expected
- Only half of the companies achieved declared compliance by the deadline of May 25, 2018.
- Most companies took seven months or more to be ready.
Even the preparation of GDPR is expensive
- Two-thirds of the companies have assigned dozens, if not hundreds, of employees to GDPR compliance management. According to the survey results, the average organization probably spent 2,000 to 4,000 hours in GDPR preparation meetings, more than a full year of work.
- Half of the privacy management decision-makers spent at least 80 hours on GDPR personal preparation and 80 hours of overtime to ensure compliance, which is also a full month of work.
Confidentiality requests take time and are prone to errors
- Half of the companies use manual processes to handle requests for GDPR privacy rights, such as the right to be forgotten.
- Two-thirds of the companies processed at least 100 requests in the past year, covering dozens of third-party business and service systems, and most of them have at least 25 employees participating in the management of requests. Thousands of touch points likely to introduce human error – the vast majority of privacy professionals are working to reduce the risk of manual error in these requests.
CCPA compliance programs face the same challenges as GDPR programs
- Two-thirds of privacy professionals estimate that it will take less than six months to prepare for the CACP, even though most said it had taken them seven months or so more to prepare for GDPR. Worse, technology adoption rates for CCPA are lower than for GDPR – companies primarily train their employees in managing privacy rules, which increases the costs and risks of ongoing compliance.
Companies will be challenged by future privacy regulations
- Most companies approach privacy regulations on a case-by-case basis. Two-thirds of privacy professionals agree that the systems they have put in place will not be compatible with the new regulations.
- 90% of companies plan to hire at least three new employees over the next two years to manage privacy regulations, but only one-third of companies automatically update their data inventory.
"It is clear from this study that most businesses still rely on fragmented technology solutions and manual processes, whereas they should turn to privacy management solutions designed specifically for privacy regulation. Said Barber.
"As companies move from GDPR to CCPA and beyond, they need to implement sustainable compliance to reduce risk, provide transparency to their customers and control their operational costs."
[ad_2]
Source link