As the statistics announced this week highlight that apparently 94% of the UK's biggest companies are not 'completely ready' for GDPR, it raises the question - What does 'completely ready' look like for your business?
GDPR has a wealth of implications - legal, technical, process to name but a few - and getting ready must mean seeking the right approach and advice specific to your business. It may be that, of those 94% yet to be ready for GDPR, their legal teams and advisors are ready but their systems are not. Or their systems and policies are robust but processes are not yet in place. And a business that is truly ready is one that has understood and integrated client journey and touch points into the GDPR picture.
Which makes the framing of the Cyber security statistic interesting: 90% of boards have a cyber security plan - they are ready.
GDPR and cyber security have a whole business impact. Certain teams will naturally lead on these issues but the practice and buy-in at all levels across the business is key to being 'completely ready'.
90% have planned for a cyber attack. Only 6% are ready for GDPR.
What do the two statistics tell us? Is cyber security being treated as a board-level issue whereas GDPR is being dealt with in silos and not yet on the board room agenda?
Among the UK’s 350 biggest companies, 10% of boards have no plans in place to respond to cyber attacks, while just 6% say their business is completely ready for the new data laws being brought in next May under the EU’s General Data Protection Regulation (GDPR).