Many Orgs Face GDPR Noncompliance Without a Data Protection Officer

Written by

While the IT industry is preparing for the General Data Protection Regulation (GDPR), some organizations are still struggling with staffing for it—about a fifth (22%) haven’t yet hired a data protection officer (DPO).

That’s according to Imperva, in a survey of 310 IT security professionals taken at the Infosecurity Europe 2017 trade show. The firm also found that 52% of those that don’t have a DPO aren’t planning on hiring one until the second half of 2018 or beyond—after GDPR enforcement commences.

This, even though Article 37 of the GDPR requires any organization processing personal data on a large scale to retain an independent DPO.

“A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now,” said Terry Ray, CTO of Imperva. “The fact that a high percentage of respondents said they had already hired a DPO is encouraging. GDPR will rear its head in ways that nobody predicted, so engaging early and being ready for every possibility is absolutely crucial.”

Enterprises also said they may look to artificial intelligence or machine learning to ease the burden of GDPR compliance. More than half (55%) of those surveyed indicated that they believed this type of automation could reduce their workload in the next three to five years—and about 27% suggested it could even be within the next year or two.

The GDPR gives individuals in the EU more control over their personal data and is designed to make sure that their personal information is protected, even outside the EU. It applies to businesses that offer goods and services to data subjects in the EU or monitor behavior of data subjects in the EU, regardless of their industry or location of the business. It becomes effective on May 25, 2018.

Organizations failing GDPR compliance could face fines for certain violations, up to the greater of €20 million or 4% of total worldwide annual turnover.

In September, the UK is also expected to enshrine the GDPR into law as part of its Data Protection Bill. 

What’s hot on Infosecurity Magazine?