GDPR is only 3 short months away, but according to new research many businesses are unprepared and unaware of the potential fines for non-compliance, or the amount of work that needs to go into preparing for compliance.
A huge 60% of respondents to the Populus survey say they are not “GDPR ready”, despite the limited time remaining until the regulation comes into force. Only 35% are aware of the severe impact the heaviest GDPR fines – 2-4% of global turnover, or €10m-€20m, whichever is higher – could have on their business.
A particular standout statistic in the report is the time it’ll take to comply with GDPR. The report concluded that businesses will get, on average, 89 GDPR enquiries (or subject access requests) a month – likely to be requests regarding what data your business holds on the individual, right-to-be-forgotten requests and updates to personal information. This figure rises to 246 for large companies (defined as having over 250 employees).
To respond to those 89 enquiries a month – and don’t forget, under GDPR businesses will have only 30 days to fulfil these requests – employees would have to search, on average, 23 databases. Each database search is estimated at 7 minutes; this equates to 172 hours per month, which means the average business will need one employee dedicated full-time to GDPR enquiries. For the larger businesses with 246 enquiries a month, that figure goes up to 1259 hours a month and would require 7.5 employees solely focused on GDPR enquiries and subject access requests.
Less than half of respondents said they were “very confident” they know where all of their data is stored, where 12% said they weren’t confident at all. A further 15% don’t believe they’ve accounted for all of their databases that contain Personally Identifiable Information (PII). Read our blog on discovering your PII data.
We know that it’s completely unrealistic for businesses to employ an extra 7 people solely for the purpose of database searching and that the process is prone to human error, so is there a way to automate this essential task?
The answer is yes.