Solix survey supplies more evidence of GDPR unreadiness

Two-thirds of responding IT pros didn’t even know if personal data could be purged entirely from their systems.

Another day, and another survey showing organizational uncertainty about preparation for the General Data Protection Regulation (GDPR), now less than three months away.

In this one, enterprise data management firm Solix conducted an online survey with more than 100 companies. While the sample was relatively small, the respondents were all IT professionals, thus giving some insight into where those departments are:

  • Two-thirds of the respondents didn’t know if individuals’ personal data could be purged entirely from their systems.
  • Twenty-two percent were not aware they needed to comply with the GDPR if they captured and maintained data of European Union citizens, since they are based outside the U.S. (Many experts say they do.)
  • Nearly 40% said that personal data at their companies is not protected from misuse and unauthorized access throughout its lifecycle.
  • Sixty-four percent of responding organizations don’t have a Data Protection Officer, as required by GDPR.
  • More than half don’t know if they have explicit consent from individuals for processing of their personal data.

The big takeaway, Solix Technologies’ Executive Chairman John Ottman told me, is that “not only are most companies not ready, most do not understand the extent of their obligations.”

Infographic by Solix

Infographic by Solix

Some companies are promoting blockchain-based technologies as a possible technical solution to GDPR’s requirements. But, interestingly, Ottman said that the transparency-oriented blockchain is “incompatible with GDPR” because it doesn’t readily accommodate privacy.

While Solix is not exactly an impartial observer — it offers GDPR consulting — the survey’s assessment of IT managers does contribute more evidence that the majority of companies that need to be compliant with GDPR’s launch on May 25 are not ready.

It is also consistent with other surveys. In January, for instance, a study by email provider Mailjetfound that nearly two-thirds of startups weren’t compliant with GDPR.

Last month, a Forrester survey of 395 security decision-makers at companies with more than 20 employees found that only about 30 percent were GDPR-compliant — and even those may not be. At the end of last year, Forrester predicted that as many as 80 percent of companies will not comply.

Of the 100+ companies surveyed by Solix, 40 percent were in North America, 40 percent in EMEA and 20 percent elsewhere. They were all customers, prospects or registered users of Solix, or they were attendees of European conferences.