Freely subscribe to our NEWSLETTER

The research – Finding The Missing Link in GDPR Compliance – is based on the views of more than 1000 senior executives from companies in the UK, France, Germany, Spain and Italy. It finds that French businesses are particularly concerned that they don’t know where all their data is housed, with more than a quarter (27%) saying they’re “concerned”, and only 26% being very confident about the whereabouts of all of their data. Furthermore, French companies are most concerned about their ability to account for every database. 30% say they are not confident of doing so and less than a fifth (19%) are “very confident”. These findings come only months before GDPR comes into law (on 25th May) and demonstrate the scale of the challenge facing French companies to get “GDPR ready”.

Senzing’s research finds that, on average, a company will get 89 GDPR enquiries per month, for which they will need to search an average of 23 different databases, each taking about 5 minutes. The total time spent simply looking for data per month will be more than 10,300 minutes (172 hours) equating to over 8 hours of searching per working day - or 1 employee dedicated solely to GDPR enquiries.

The issue is even more pronounced for large companies. These expect to get an average 246 GDPR enquiries per month, for which they will need to search an average of 43 different databases, each taking more than 7 minutes. They will spend more than 75,500 minutes per month (1259 hours) which equates to nearly 60 hours of searching per working day - or 7.5 employees dedicated solely to GDPR enquiries every day.

Jeff Jonas, Founder and CEO, Senzing, says: “These findings reveal the true extent of the GDPR compliance challenge. French businesses will be faced with a mountain of data to trawl through - the end result will be a significant time and personnel cost and a great risk of missing records or worse, including the wrong records. Whilst this time requirement is most onerous for large companies, they have greater resources at their disposal. Relative to size, SMEs face a similarly gargantuan task.”

High level of concern over compliance – but the problem is still underestimated by many

A third (31%) of French companies say they are “concerned” about their ability to be GDPR compliant and many businesses are demonstrating a dangerous lack of awareness about GDPR and overconfidence that they will not be affected. Only a third of French businesses (34%) are aware that the potential financial fines for non-compliance, which in the worst cases can be €20 million or 4% of global annual turnover, are very severe. An alarming 24% say that financial penalties will have no impact at all; 19% say that they “don’t know” about the impact of financial fines.

In terms of their planning for GDPR, French companies do not appear to be in a hurry to make major changes, despite the lack of preparedness. The majority of French companies (52%) either don’t know what actions their organisation is going to take or say that their current set up is already optimum (18% and 34% respectively). However, 34% plan to overhaul their IT/customer data systems and 16% plan to outsource their data to a third party. Across the EU, larger companies are more proactive; two thirds (64%) will overhaul their IT and a third (33%) will hire analysts.

Jonas comments: “Many French businesses appear to be sleepwalking towards a GDPR abyss. The fines that can be levied for non-compliance will be potentially terminal to some organisations and even the largest companies – and certainly their shareholders – will feel a significant impact. A huge number of French companies simply don’t understand the dangers of non-compliance – with smaller firms apparently particularly unaware.”

60% of EU businesses “at risk” or “challenged” by GDPR

Based on responses, Senzing calculates that a quarter (24%) of EU companies are “at risk” in terms of being GDPR compliant. A further 36% are deemed “challenged” by the regulation, with only 40% being classed as “ready”. Taken as a proportion of all businesses operating in the EU, this could translate into tens of billions, if not hundreds of billions, of euros in fines.

Jonas adds: “Finding out who is who and where their data is should be the first principle of GDPR compliance. These findings point towards the fact that the missing link in GDPR compliance is single subject search. Companies are overlooking the urgent need to be able to perform a single smart subject search to find out who is who in their data. Without this, the critical enabler of GDPR readiness, many businesses will be unable to meet the demands of GDPR.”

To address this single subject search gap, Senzing is launching G2 for GDPR. This software was developed to enable organisations to resolve who is who in their data, quickly and cost effectively, factoring in multiple databases, erroneous inputs, misspellings, duplications and different names and aggregating everything relevant for one data subject. This is designed to facilitate GDPR compliance.

?