The General Data Protection Regulation (GDPR) goes into effect in May, but a new study reveals that most organizations are overwhelmingly unprepared.
The State of Data Governance Report finds that only 6% of respondents consider themselves completely prepared for GDPR. That means a shocking 94% of the organizations surveyed are not ready for what is one of the most important data privacy and security regulations passed in recent years.
Failure to implement data governance (DG) to comply with GDPR will leave these organizations liable for fines of up to €20 million or 4% annual global turnover – whichever is greater.
But the news isn’t all bad; promising signs can be found. Although 46% of those surveyed indicate having “no formal strategy” in place for DG, 42% describe their data governance initiatives as a “work in progress.”
State of DG: Regulatory Compliance Driving Data Governance
Historically, data governance has left a lot to be desired. The value and ROI were insignificant to non-existent, and so executive buy-in and funding also has been low.
Business leaders usually left DG to their IT departments, but that created silos that cut off DG from it’s day to day “data owners” and “data stakeholders,” – in essence, everybody that uses data to drive business. With poor data discovery, lineage and context, data governance was largely abandoned or at least out of sight, out of mind.
Forty-two percent of the organizations participating in the State of DG Report survey indicate that lack of executive support is still a roadblock. But GDPR is spurring new interest in DG because companies must articulate what their data is, where it resides, what controls are in place to protect it, and the measures they will use to address mistakes/breaches.
An effective data governance initiative is critical for the data visibility and categorization needed to comply with GDPR. It also will help assess and prioritize data risks and enable easier verification of GDPR compliance to auditors.
Perhaps this is why 66% of those surveyed for the State of DG Report say understanding and governing enterprise assets has become more important or very important for their executives. And regulatory compliance is in fact the No. 1 driver for data governance.
State of DG: Implementing Data Governance for GDPR
It’s safe to say that organizations should be much further along with GDPR than they are.
The biggest challenge is to establish compliance with their current data architectures and then to build GDPR compliance into the processes for designing and deploying new data sources.
This requires visibility into the strategic roadmap and well-defined processes to govern new data deployments so that constant GDPR retrofits aren’t required.
Thankfully data governance has evolved from a siloed, IT-owned program primarily for data cataloging to support search and discovery. It has given way to proactive, enterprise-wide data governance to support regulatory compliance in addition to data-driven insights for achieving other organizational objectives.
Data Governance 2.0 understands that CTOs, CMOs and other C-level executives and business leaders across the enterprise are involved in data creation, management and use on a day-to-day basis. And GDPR compliance requires that all stakeholders be aware and empowered so that data governance is built in, and part of the culture.
By integrating data governance with enterprise architecture, business process and data modeling, you’ll have a GDPR compliance framework to:
- Discover and harvest data assets
- Classify data and create a GDPR inventory
- Perform GDPR risk analysis
- Define GDPR controls and standard operating procedures
- Socialize and apply GDPR requirements across the organization
- Implement GDPR controls into IT and business roadmaps for “compliance by design”
- Prove compliance/respond to audits
Is your organization GDPR-ready?
Click here to get your State of DG Report to see how your organization compares to those we surveyed.
Of if you’d like to discuss how to improve your GDPR readiness with one of our solution specialists, click here.