Many UK businesses don't know if they are GDPR compliant

data protection

Every fifth business in the UK has "no idea" if their corporate policies are enough to comply with the upcoming General Data Protection Regulation (GDPR). This is according to a new report by Citrix, which investigates the obstacles companies in the UK are still facing when it comes to complying with GDPR.

The report says there are three major roadblocks --data sprawl, a huge influx of personal customer information and uncertainty around data ownership.


"The GDPR will do far more than strengthen data privacy rights. The regulation will set a high bar for responsibility and accountability – and not one that every business will meet," commented Chris Mayers, chief security architect at Citrix.

"While many British organizations are taking steps to achieve compliance in time for the May 2018 deadline, our research clearly reveals some significant obstacles, including uncontrolled data sprawl and lack of understanding around data ownership."

The report, based on a poll of 500 IT decision makers at companies across the UK with 250 or more employees also found that the average UK business now uses 24 systems to manage and store personal data. One in five use 40. Almost half are seen sharing personal data from customers with other businesses.

On a daily basis, large enterprises collect data from 577 individuals. Every fourth large business collects data from more than 1,000 people every day. Despite the fact that almost two thirds store and manage personal data based on predictive analytics, they couldn’t agree who owns the data.

A quarter thinks the customer is the owner, while half think it’s the company.

Published under license from, a Future plc Publication. All rights reserved.

Photo Credit: Den Rise/Shutterstock

Comments are closed.

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.