Time is running out. There are just few months left to the implementation of the European Commission’s General Data Protection Regulation (GDPR) on 25th May 2018. The main question is: are companies truly prepared? Well, maybe you will be surprised what recent studies have to say about that.
4.1 out of 10
That’s the average GDPR-readiness score according to recent Mailjet survey with responses from 4,000 companies. Although 91% of the respondents collect personal data, nearly two-thirds aren’t compliant with the GDPR yet. A similar survey done by the IAPP says that only 32% US and 43% EU companies have a plan for GDPR compliance and have begun the implementation.
One of the key findings of Redgate’s data governance implementation survey is that the GDPR itself was the key driver of data governance programs for 44% of the respondents, even if its predecessor Data Protection Directive existed before. Improving business intelligence and analytics was also a significant factor, driving 31% of data governance programs. The most challenging appears to be the understanding of what is required, alignment across the organization, and a lack of appropriate skills.
What all this information actually says? It just confirms the GDPR is a complex regulation with difficult obligations, requiring many time-consuming changes and appropriate means. A lot of work needs to be done to achieve the GDPR compliance. But as the cybercrime does not discriminate and affects businesses of all shapes and sizes, companies should do their best to prevent it, following the GDPR sooner or later. Even later is better and after all less costly than never.
So..how to survive GDPR?
You cannot escape it. GDPR may apply to your company even if it is not based in EU. The fines can be pretty devastating, reaching up to 4% of the annual global turnover or 20 million euros, whichever is higher.
A majority of organizations cannot handle the GDPR requirements without any support from a good software. A modification of the software they already use is surely a long run and expensive option. The key is to start with a plan and useful tools. According to Redgate’s survey, companies use 6 tools on average to help with backup and retention, access control, monitoring and alerting, auditing and reporting, change control and other activities. As the GDPR is all about proper data governance, the deployment of an identity governance solution as one of the tools for GDPR compliance is a reasonable step.
MidPoint as identity management and governance solution is ready to help with the implementation of data protection methods. You can rely on MidPoint in the question of accountability, the key in presenting evidence of compliance with the GDPR. The system will also provide necessary visibility over identity data to meet other requirements of the regulation. MidPoint is an excellent record keeper that will also help you orientate in the scopes the consent was given for.
Following picture shows a suggested GDPR compliance plan with time estimates of particular steps. Filled boxes are the steps in which you may find having midPoint in your organization really useful.
If your organization is still in a search for the tools which will help you to gain GDPR compliance, make sure to learn more about midPoint and all the possibilities this identity & organization management and governance solution can offer.