Small survey but still very worrying: it adds to anecdotal evidence that organisations are still in confusion about "Subject Access Requests" (SARs) and about the extent of personal data in and across the org. Add to that: most organisations cannot access unstructured data and RETRIEVE the relevant data for SARs.
But they have to, end of! From May 25th this year.
Two-thirds of the respondents didn’t know if individuals’ personal data could be purged entirely from their systems. Twenty-two percent were not aware they needed to comply with the GDPR if they captured and maintained data of European Union citizens, since they are based outside the U.S. (Many experts say they do.) Nearly 40% said that personal data at their companies is not protected from misuse and unauthorized access throughout its lifecycle. Sixty-four percent of responding organizations don’t have a Data Protection Officer, as required by GDPR. More than half don’t know if they have explicit consent from individuals for processing of their personal data.