28% of businesses are unsure about their compliance with the General Data Protection Regulation (GDPR), according to a survey carried out by Infosecurity Europe.
The GDPR came into effect on 25 May 2018, and organisations were required to be fully compliant with the new regulation by this time.
Under the GDPR, all organisations that deal with individuals living in an EU member state must protect the personal information belonging to those individuals, and must have verified proof of such protection.
The GDPR places significant emphasis on transparency and accountability, and requires businesses of all sizes to be responsible for safeguarding the collection, storage and usage of personal data.
A handful of survey respondents revealed that they were not confident that they would pass a GDPR audit.
Businesses were also asked if they could identify where personal data is stored on their systems. More than half stated that they would require an additional three months to organise their systems in order to successfully identify where personal data is kept.
Commenting on the findings, Terry Ray, Chief Technology Officer at cyber security firm Imperva, said: ‘The deadline has now come and gone, and yet the study shows that many organisations aren’t sure they have achieved GDPR compliance.
‘Any company that put GDPR off until the last minute now realises compliance cannot be achieved overnight.’