Marvin OnumonuVinciWorks surveyed 230 compliance, legal and IT professionals and found only 3.5% said their organisation was fully prepared for artificial intelligence (AI) regulation.
Over a quarter (29%) were still figuring out what rules even apply to them.
63% could not describe their organisation as prepared for the regulatory environment.
When it came to AI training, only a fifth (22%) said their organisation provides AI awareness training they consider effective.
Nearly half (48%) had no AI training but wanted to offer it.
Another 12% had no plans for training, and 12% had training in place but said it was not very effective.
In total, 78% lacked effective AI training at a time when regulators expect staff to understand and document how AI systems handle personal data.
When asked about GDPR and AI, 27% pointed to automated decision-making rules as the biggest challenge, 23% to data minimisation and retention, and 21% to vendor and model provider oversight.
Nick Henderson-Mayo, head of compliance at VinciWorks, said: “GDPR is bundled into AI compliance.
“Regulators are applying existing data protection laws to AI systems right now, and they expect organisations to be able to explain what their systems are doing, justify their lawful basis and demonstrate that individuals’ rights remain meaningful.
“If you’re using AI that processes personal data, the ICO expects you to comply with your data protection obligations today.”
Among respondents, 64% said AI had been only slightly or not at all disruptive to their compliance programme so far, while 12% said it had been very or extremely disruptive.
Only 9% felt very confident their organisation’s AI use was compliant, while a third (33%) said they were not very confident or not confident at all.
The largest group, 30%, described themselves as only somewhat confident.
