The scale of the extra workload companies can expect under GDPR has been exposed, with firms facing an average 89 GDPR enquiries a month, for which they will need to spend 172 hours trawling 23 different databases, a new pan-European study claims.
The research – Finding The Missing Link in GDPR Compliance from Senzing – is based on the views of more than 1,000 senior executives from companies in the UK, France, Germany, Spain and Italy.
The workload is even more pronounced for large companies, which expect to get an average 246 GDPR enquiries per month, for which they will need to search an average of 43 different databases. They will spend more than 1,259 hours a month, equivalent to nearly 60 hours of searching per working day.
Senzing claims the data collection challenge is exacerbated by a significant proportion of businesses which admit to not being confident about where their data is housed or being able to account for all their databases.
More than one in ten (12%) companies say they are not confident that they know where all their data is stored; less than half (47%) are ‘very confident’. Fifteen per cent of businesses are not confident that they have accounted for all the different databases containing personal/customer data, with only a third (35%) stating they are ‘very confident’.
Senzing founder and CEO Jeff Jonas said: “These findings reveal the true extent of the GDPR compliance challenge. Businesses will be faced with a mountain of data to trawl through – the end result will be a significant time and personnel cost and a great risk of missing records or worse, including the wrong records. Whilst this time requirement is most onerous for large companies, they have greater resources at their disposal. Relative to size, SMEs face a similarly gargantuan task.”
GDPR goes from gloom to boom as UK leads the field
Denham acts to allay fears over GDPR D-Day apocalypse
Brace yourselves for the GDPR data ambulance chasers
Morrisons staff start High Court fight over 2014 breach
Privacy chief Denham hits out at GDPR scaremongering
Firms face Herculean task to keep right side of data law
Business leaders welcome new UK Data Protection Bill
Industry backs new UK data laws but calls for dialogue