Survey shows confusion around GDPR compliance
GDPR compliance is proving to be an obstacle as the looming deadline throws light on worldwide confusion and lack of preparation.
The GDPR (General Data Protection Regulation) deadline is set for May 25, 2018. However, WatchGuard Technologies has shown in its survey that many organisations are ill-prepared due to uncertainty surrounding compliance criteria.
A mind-boggling 37 percent are unaware of whether their organisation needs to comply with the data protection requirement, according to WatchGuard Technologies, while 28 percent believe there is no need to comply. UK respondents are, however, better informed, with 25% of ‘don’t knows’ and a mere 13% under the impression that they do not need to comply.
The GDPR-related survey scrutinised the views of over 1,600 organisations and was carried out by independent market research firm Vanson Bourne.
Corey Nachreiner, chief technology officer of WatchGuard, said:
“Once enforcement for this new legislation begins, companies all over the world will feel its impact. Unfortunately, the data shows that an alarming number of organisations are still unaware or mistaken about the need for GDPR compliance, leaving them three steps behind at this stage… In the Americas, just 16 percent of organisations believe they need to comply. With sensitive customer data and non-compliance fines at stake, every company with access to data from European citizens needs to ensure they truly understand GDPR and its ramifications.”
“Penalties for noncompliance are steep and the deadline is just around the corner. Companies stand to lose four percent of their worldwide revenue if they haven’t met all the requirements by next May. The only way to prevent unnecessary fines and frustration is to take a good hard look at the criteria, assemble a GDPR plan of action and begin implementing it immediately.”
GDPR criteria state that any company which processes or stores personal information relating to EU citizens must demonstrate its compliance. Of the many respondents who do not believe the law applies to their organisation, one in seven collect personal data from EU citizens, while 28 percent of respondents are unsure whether or not they collect this variety of information.
For businesses that are not yet GDPR compliant, respondents estimate that it will take approximately seven months to complete the requirements, and nearly half of those are reported as potentially seeking assistance with compliance from an outside party.
Despite time running out, of those who reported that their organisation needs to comply, 86 percent believe they have a robust compliance strategy implemented. However, 51 percent of those believe that their organisation will need to make major changes to their IT infrastructure in order to comply.
Firewalls, VPN and encryption are shown to be the security measures most likely to be involved in compliance strategies.