24 May 2018 | ITSM

The General Data Protection Regulation Benchmarking Survey
How are organisations facing the challenge of complying with the most radical overhaul of data protection laws in a generation?...

Deloitte has conducted a General Data Protection Regulation (GDPR) benchmarking survey across a sample of organisations and industry sectors in EMEA. The aim of the survey was to understand how organisations are preparing for GDPR compliance, how advanced their implementation plans are, and how confident they are of achieving their goals by 25th May 2018.

“GDPR is the biggest overhaul of Europe-wide data protection rules since the 1995 EU Data Protection Directive, covering organisations of all sizes and sectors, and introducing new business responsibilities. The complexity of GDPR has already seen many organisations opting to mitigate risk, rather than strive for full compliance,” said Peter Gooch, cyber risk partner at Deloitte.

“According to a recent survey Deloitte conducted, just 15% of organisations are aiming to be fully compliant by the 25th of May. It’s likely that everyone in the UK will have their data held in breach of the regulation in one shape or form.

“Nevertheless, fines could amount to 4% of global turnover. Organisations are very aware of this as they implement their GDPR strategies.”

On ‘re-consenting’, such as opting in to newsletters, Gooch added: “Re-consenting exercises are seeing response rates as low as 10%, drastically reducing the reach of campaigns, but at the same time reaching on average a much more engaged audience.”

Facts and figures on General Data Protection Regulation (GDPR):

  • As of 25th May, significant personal data breaches must be reported to the regulator within 72 hours and potentially to customers without “undue delay”;
  • Fines could potentially be up to 4% of global turnover; and
  • A re-consenting exercise may be required in instances where current consent gathering does not meet GDPR’s higher standards.

Findings of 2017 Deloitte survey:

  • By 25th May, just 15% of organisations surveyed by Deloitte in December expected to be fully compliant;
  • By 25th May, just 38% of data controllers expected to have reviewed all processing contracts;
  • 17% of organisations planned to introduce a new solution to manage consent;
  • Just 35% of organisations had a data breach reporting procedure aligned to GDPR requirements;
  • Less than half (48%) of organisations had a Privacy Impact Assessment procedure in place;
  • 52% of organisations had chosen a risk-based, defensible position; and
  • 33% of organisations had not determined headcount increase requirements.

Five greatest challenges to organisations:

  1. Ensuring that consent to hold data - where required - is informed, unambiguous and recorded;
  2. Developing a culture of privacy by default, while not strangling the business of the benefits of appropriate data use;
  3. Keeping a record of decisions and positions of accountability, and demonstrating compliance;
  4. Estimating and securing the operational and headcount requirements to deal with the new regime long-term; and
  5. Transitioning programme activities that have been running into sustainable business-as-usual activities.

Top tips for organisations:

  1. Ensure all data holders are made aware of their accountability for handling personal data;
  2. Agree responsibilities across different parts of the organisation and ensure the approach is consistent;
  3. Perform risk and cost-benefit analysis to ensure any GDPR strategy meets appropriate requirements;
  4. Ensure internal messaging sets out the importance of the topic and the role of the individual; and
  5. Define a long-term operating model that ensures technology and responsibilities are monitored and assessed on an ongoing basis.

For additional information or to view “The General Data Protection Regulation Benchmarking Survey” click on the link https://bit.ly/2s8sU54.

Deloitte