Just 18 per cent of UK and multi-national organisations are ‘highly confident’ they will be able to comply fully with the General Data Protection Regulation (GDPR) by the deadline of 25 May 2018.

According to the survey, conducted by Technology Law Alliance, companies are facing two main challenges:

• dealing with the large number of systems on which data is stored and processed; and
• the lack of internal resource and know-how about GDPR.

Cloud can bring data protection issues

The firm's co-founder, Jagvinder Kang, commented: “Large organisations have complex systems and interactions with large numbers of databases. Although some organisations may have thought that Cloud Computing would simplify IT conceptually, it can give rise to problems from a data protection perspective.” He continues: “Cloud technology creates geographical data protection issues with regard to where the data is stored, coupled with issues about the interactions between different databases. Furthermore, it can exacerbate the problem of ‘shadow IT’, where individuals within large organisations procure IT without the authorisation of their IT departments - thus creating additional ‘data silos’ that are parallel to the organisations’ own official systems.”

The research also showed that just over half – only 51 per cent – of organisations indicated that regular board level reporting was being undertaken in respect of GDPR readiness, a figure that Kang describes as “alarming, especially as the survey responses showed that 78 per cent of organisations regarded GDPR compliance as more important than other compliance programmes.” The survey also found that, as part of preparations for GDPR, 89 per cent of organisations are involved in some form of data mapping or data flow activity but only 41 per cent had a detailed GDPR compliance plan in place.

Companies not updating their privacy policies

These findings chime with research done by another law firm, which found that nine out of 10 businesses have still not made crucial updates to their privacy policies, which is a key requirement of GDPR. The survey by Blake Morgan found that many organisations may be at risk of non-compliance.