AIIM’s GDPR readiness study 2017: surprising results
As the enforcement of the General Data Protection Regulation (GDPR) is coming into effect in May 2018, the worldwide discussion about the regulation and its impact is picking up speed. So, AIIM took the opportunity to research the GDPR readiness among its members. About 700 people participated in the survey to draw up an image of the current status and state of mind in Europe.
GDPR is a sensitive topic as non-compliance can lead to penalties of up to several million euros – a risk businesses cannot take. In order to be compliant and avoid fines, SER’s Doxis safeLock provides a reliable solution to protect sensitive data and ensure proven deletion at the same time.
A little less than a year ahead of the enforcement, only six percent of the respondents say they are already fully prepared for GDPR, while another 31 percent have a project in place. 29 percent are planning for GDPR and 25 percent are thinking about it. This leads to seven percent of the respondents that are not prepared at all at this point. Looking at the responses for the projected readiness in May 2018, 23 percent say they will be fully prepared and 25 percent, who will have a project in place. Still, this leaves a great amount of enterprises unprepared when the regulation comes into effect in May 2018. For them it is highly important to understand the regulation itself and the impact of non-compliance to avoid penalties. Moreover, data protection is an important matter for every organization, which needs to be taken seriously. This is mainly what the regulation is aiming for, it gives every person the right to request that their personal identifiable data is securely deleted. In today’s data-driven society an important protection mechanism for individual rights. On the other hand, organizations are held accountable to store content and data not only securely and compliantly, but also need to be able to store data according to legal obligations with certain retention periods, e.g. for tax reasons or litigation.
But are the executive teams aware of the overall impact of GDPR? About one-fifths say that their management has little awareness (13%) or no idea (8%) about GDPR. This alarming number shows that there is still a lot of uncertainty around this topic. Therefore, it is highly recommended to assess the current situation and take action now, if you have not done so yet.
A constant struggle
The survey also states storage or the lack of a consistent storage architecture across the entire organization as one of the challenges for compliance and data security. Most content is still stored on emails and on email servers (80%) or on PC and network drives (67%), which makes the protection and ultimately the secure deletion of personally identifiable information (PII) almost impossible. Here, a compliant, structured and unified ECM and BPM system that allows for traceable deletion and audit-proof storage at the same time comes in more than handy. It not only supports you in regards to compliance with GDPR, but makes the entire procedure of content and process handling more efficient.
What to do next?
If you are not ready for GDPR yet, you need to take action now! But, no need to panic, with the right solution at hand, you are still able to meet the requirements by May 2018. We are happy to support your information security approach with our Doxis solutions. When it comes to GDPR in particular, our Doxis safeLock is a reliable solution to meet the criteria of the regulation. If required, additional security measures can be customized to your needs.
Read the full report here.