As time runs out to comply with the General Data Protection Regulation (GDPR), the survey found that many organisations may be at risk of non-compliance, exposing them to regulatory action and reputational damage for not getting their house in order.
The research, conducted from 11 September to 23 October 2017, revealed that just 22% of those surveyed had prepared specific policies for the new law, and of those, 52% rated their preparation as average or poor.
The findings also showed that 15% of those surveyed had managed to review and amend procedures but only 5% had updated and distributed IT policies to all staff.
As a priority activity in preparation for GDPR, public sector organisations should start by conducting a review of the current information governance framework and its suitability to address the new requirements outlined in the legislation.
The Protocol Policy Systems research revealed that 73% of organisations have reviewed or are currently reviewing their framework of documented policies and procedures around specific industry standards such as ISO 27001, ISO 27002 and PCI-DSS.
Protocol Policy Systems can assist you in reviewing, updating, implementing and sharing your IT security policies with cross-referencing to industry standards to demonstrate good information governance in preparation for GDPR.
For more information about its IT policy review or policy gap analysis service, please email steve.macmillan@protocolpolicy.com or call 07769 338003.
