CIOs are largely confident their organisations will be compliant with GDPR by 25 May 2018, according to the 2018 CIO 100. Some 70% of organisations and their CIOs said that they were either already compliant (14%), or more confident than concerned (56%), that they have put the correct measures in place to comply with the regulations. Not all members of the CIO 100 share their confidence, however. A quarter of the respondents said they were as confident as they were concerned that they would be ready for GDPR, while 4% were more concerned than confident, and a worrying 1% said they were not at all confident or very concerned. Read next: How CIOs are preparting for GDPR Information Commissioner Elizabeth Denham advised them to focus on upholding the fundamental human rights around data protection, as GDPR will only be strengthening and enforcing these principles. “GDPR is an evolution in data protection, not a total revolution,” she said. “It demands more of organisations in terms of accountability for their use of personal data and enhances the existing rights of individuals. If you are already complying with the terms of the Data Protection Act, and have an effective data governance programme in place, then you are already well on the way to being ready for GDPR. “Many of the fundamentals remain the same and have been known about for a long time. Fairness, transparency, accuracy, security, minimisation and respect for the rights of the individual whose data you want to process – these are all things you should already be doing with data and GDPR seeks only to build on those principles.” Legal and regulatory advice on GDPR preparations Data privacy lawyer Annabel Gillham told CIO UK that the survey results were encouraging. She pointed to recent research by Ernst & Young that revealed that the GDPR preparations of many executives are behind even the most concerned members of the CIO 100 Of the 745 executives from 19 countries that Ernst & Young asked about GDPR, 39% indicated that they are not even familiar with the regulation. Read next: GDPR tips for CIOs: How to ensure compliance with GDPR “For those who are feeling less confident about GDPR preparedness, it’s time to embrace it!” said Gillham, an attorney at Morrison & Foerster. “It’s far better at least to have made a start prior to 25 May, even if you are not going to be fully compliant by then. “It’s worth remembering that the ICO will expect you to have records of data processing, as well as compliant policies at your fingertips. If necessary given the looming deadline, identify the higher risk, data-heavy areas of the business and start there.” Radius Payment Solutions CIO Dave Roberts told CIO UK that he was embracing the positives of GDPR as a business opportunity. “GDPR regulation is helping to drive best practice within organisations,” said the CIO 100 member. “The GDPR journey goes beyond the 25 May deadline and should become ingrained into the culture and DNA of the business. “Good data governance is helping to differentiate organisations, with data now being considered as a critical business asset. It is important that the asset is managed appropriately with a customer-centric view to ensure data privacy is upheld and respected. Organisations that get this right will flourish, those that don’t will cease to be.” GDPR threats and opportunities Data protection breaches under GDPR could cause reputational as well as financial damage, but the regulation also offers organisations the chance to enhance their image, build customer loyalty and improve the accuracy of their data. Denham is keen to promote the positives of GDPR and the message that big fines will be a last resort rather than the norm. “We pride ourselves on being a fair and proportionate regulator and this will continue under the GDPR,” she said. “Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action.” Related content BrandPost The future of trust—no more playing catch up Broadcom: 2023 Tech Trends That Transform IT By Eric Chien, Director of Security Response, Symantec Enterprise Division, Broadcom Mar 31, 2023 5 mins Security BrandPost TCS gives Blackhawk Network an edge with Microsoft Cloud In this case study, Blackhawk Network’s Cara Renfroe joins Tata Consultancy Services’ Rakesh Kumar and Microsoft’s Nilendu Pattanaik to explain how TCS transformed the gift card company’s customer engagement and global operati By Tata Consultancy Services Mar 31, 2023 1 min Financial Services Industry Cloud Computing IT Leadership BrandPost How TCS pioneered the ‘borderless workspace’ with Microsoft 365 Microsoft’s modern workplace solution proved a perfect fit for improving productivity and collaboration, while maintaining security of systems and data. By Tata Consultancy Services Mar 31, 2023 1 min Financial Services Industry Microsoft Cloud Computing BrandPost Supply chain decarbonization: The missing link to net zero By improving the quality of global supply chain data, enterprises can better measure their true carbon footprint and make progress toward a net-zero business ecosystem. By Tata Consultancy Services Mar 31, 2023 2 mins Retail Industry Supply Chain Green IT Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe