GDPR readiness not being given the priority it needs except in DACH countries
- Published: Wednesday, 15 June 2016 08:37
Metalogix has published the findings from a new survey which looks at how prepared organizations are for the challenges of the EU General Data Protection Regulation (GDPR).
The survey found that IT professionals in the DACH (Deutschland, Austria and Switzerland) region are three times as aware and concerned (77 percent) about the implications of the GDPR as other regions including the rest of EMEA and North America. While strong regional differences appear for the importance placed on GDPR readiness, it still ranked fourth across all regions (26 percent) among the top IT considerations in a cloud archiving solution following security (79 percent), administrative control (50 percent), and service level agreements (44 percent).
"High awareness of GDPR in the DACH region showcases just how critical the regulation is to today's data protection and retention strategies," said Paul LaPorte, director of Product Marketing, Metalogix. "But, it also reveals that the lack of preparedness across other European countries and North America, where there are numerous global organizations operating under GDPR in the European Union (EU), can create great risk. IT and security executives need to become more deeply educated on the implications of GDPR - which can be as large as 20M Euros or 4 percent of an organization's annual revenue - so that they can better protect the personal data under their control and ensure compliance."
The Metalogix survey found that SharePoint administrators were among the most concerned (58 percent) about GDPR while IT professionals responsible for archiving (26 percent) and backup (20 percent) were not as concerned. This reveals that some applications, such as SharePoint, may have greater compliance pressures than other application platforms. With deeper knowledge of the risky operations such as Shadow IT where employees use unauthorized consumer applications for file sharing, SharePoint administrators are much more in tune with the dangers of failing to comply with GDPR.
"GDPR impacts different parts of the organization in different ways, but these survey results indicate that backup and archiving operations need to be more aware of the impact of GDPR on the organization overall," added LaPorte. "Application databases and files typically addressed most by backup and archiving processes contain massive amounts of content, even more than content rich applications such as SharePoint. While they may not have as large a user base, from a malicious perspective these data sources are huge targets that must be compliant. C-level executives must look for deeper guidance on how to approach this challenge to manage risk and meet compliance regulations."
Non-compliance to GDPR can pose significant legal and discovery risks, and even expensive fines, court costs and judgments. Greater focus on implementing solutions to help comply with GDPR are needed, especially for enterprises moving content to the cloud.
For the Metalogix study, more than 300 IT professionals were surveyed about their archiving solutions and considerations when moving to the cloud. The survey was conducted online and included organizations in over 20 industries and over 15 countries.