GDPR: Much Work Still To Be Done

A survey by Protocol Policy Systems, a Socitm partner company, has revealed that public sector organisations still have a lot of work to do to prepare for major changes to data protection laws.

As time runs out to comply with the General Data Protection Regulation (GDPR), the survey found that many organisations may be at risk of non-compliance, risking regulatory action and reputational damage for not getting their house in order.

The research, conducted from 11 September to 23 October 2017, revealed just 22% of those surveyed had prepared specific IT policies in preparation for the new law, and of that figure 52% rated their preparation as average or poor.

The findings also showed that 15% of those surveyed had managed to review and amend procedures but only 5% had updated and distributed IT policies to all staff.

As a priority activity in preparation for GDPR, public sector organisations should start by conducting a review of the current information governance framework and its suitability to address the new requirements outlined in the legislation.

The Protocol Policy Systems research revealed 73% of organisations had or are currently reviewing their framework of documented IT policies and procedures around specific industry standards such as ISO 27001, ISO 27002 and PCI-DSS.

Protocol Policy Systems can assist you in reviewing, updating, implementing and sharing your IT security policies with cross-referencing to industry standards to demonstrate good information governance in preparation for GDPR.

For more information about its IT policy review or policy gap analysis service, please contact us.