The finance industry is not very well prepared for tackling the complex challenges presented by the General Data Protection Regulation (GDPR). This is the finding of a survey of 253 CIOs and IT decision makers in the UK, conducted by data management company, NetApp.

Only 13% of IT Managers in the finance industry fully understand the GDPR. Just 33% claim to have a good understanding and 38% to have at least some understanding of the regulatory framework. At the same time, 17% admit they do not know what GDPR is – substantially more than in the retail (6%) and healthcare industry (8%).

Furthermore, only one fifth (21%) of finance industry IT Managers know where all of their data is – considerably less than their colleagues in the retail (24%) and healthcare (62%) sectors. Half of IT managers in the finance industry only know where some of their data is stored, and even more worryingly, nearly one third (29%) are not confident at all in knowing where their data is stored – which is key for GDPR compliance.

The consequences of a lack in understanding of GDPR:

• Only 38% of IT Managers do not have any concerns about meeting the GDPR deadline and delivering what is needed to protect their business’ reputation and assets.
• Meanwhile 59% have sleepless nights and 4% are extremely concerned.

Addressing the deficit in GDPR preparedness:

• Almost a third (29%) of financial IT Managers say they invest more in data regulation compliance, and just over a fifth (21%) have hired specific personnel with data protection expertise.
• Half of IT Managers in the finance industry have started to make some GDPR preparations and 33% claim they are already fully compliant.
• Only 13% – less than in the retail (24%) and healthcare (23%) industry – have not yet made any GDPR preparations.

The GDPR requires business to be compliant when processing EU citizens’ data within a robust data privacy compliance framework. The deadline for businesses to achieve full compliance is 25 May 2018.

Grant Caley, UK & Ireland Chief Technologist at NetApp at NetApp, said: “Whilst the finance industry lags behind in terms of GDPR preparedness, the investment into data regulation compliance and experienced staff will increase levels of both awareness and preparedness for GDPR. It remains to be seen if these investments are sufficient to get businesses compliant before the May 2018 deadline.

However, the survey also highlights the importance of ongoing education and how important it is for financial businesses to treat GDPR as a broad issue, involving legal and compliance teams as well as IT experts. Finance companies cannot achieve GDPR compliance using IT solutions alone – but these will form a fundamental part of the process once a comprehensive legal framework is in place.”