Forrester report: About a third of companies say they’re ready for GDPR but may not be
Based on interviews with more than 3,000 companies in 10 countries, the report finds that some firms are underestimating the effort required.
With the launch of the General Data Protection Regulation (GDPR) only about a hundred days away, a key question is how many companies are ready to comply.
A recent report from Forrester Research, based on a survey of 3,195 security decision-makers in companies with more than 20 employees in the US and nine other countries, found that almost 30 percent of respondents think they’re GDPR-compliant.
But, Forrester analyst and report author Enza Iannopollo notes in “The State of GDPR Readiness: GDPR Readiness Progresses, But Strategies Depend Too Heavily on IT” [fee required], at least some of those firms have not actually done the work required, such as data discovery, data classification, data flow maps and gap analyses. Instead, she found, many companies appear to simply count on their IT departments to meet specific requirements, such as how to handle data breach notifications.