One year from GDPR, organizations are struggling to get compliant by the deadline
The EU General Data Protection Regulation (GDPR) comes into force on May 25th 2018, but a new survey by data protection company Varonis shows companies are struggling to meet the deadline and are pessimistic about its effects.
The results from 500 IT decision makers in the UK, Germany, France and the US, reveal that 75 percent of organizations say they will struggle to be ready for the deadline.
In addition 42 percent say that it's not a priority for their businesses, despite the threat of fines which could cost companies up to four percent of global turnover or €20 million (whichever is greater).
The UK is more pessimistic than other places about GDPR's impact. While 61 percent believe that, as consumers, they will benefit from their own personally identifiable information (PII) being better protected, 22 percent of UK IT decision makers see no benefit to their business from the regulations.
Only 37 percent of UK respondents think it will reduce breaches (compared to 53 percent of Americans), and 56 percent believe it will result in higher prices being passed on to customers and more complexity for their IT teams.
Only 15 percent of UK companies have allocated separate budgets to meet the demands of the regulations, in contrast to US companies where 52 percent have separate budgets. Nine out of ten respondents feel complying with the regulations poses challenges to their businesses. In particular Article 17, the 'Right to be Forgotten', is seen by 71 percent of UK respondents as the most challenging clause, followed by clauses 30 and 32: concerning the processing and securing of personal data.
There is agreement in all countries that the banking and financial sectors (63 percent) are most likely to receive the first fines should they experience a data breach. 48 percent of UK respondents believe that a UK organization will be the first recipient of a fine and 68 percent believe this is influenced by Brexit. German regulators are expected to be the most rigorous in holding to account companies in breach of the regulations, followed by the UK and then French regulators.
"What’s most worrying about the findings is that one in four organizations doesn’t have a handle on where its sensitive data resides," says Matt Lock, director of sales engineers at Varonis. "These companies are likely to have a nasty wake-up call in one year’s time. If they don't have this fundamental insight into where sensitive data sits within their organizations and who can and is accessing it, then their chances of getting to first base with the regulations are minuscule and they are putting themselves firmly at the front of the queue for fines."
You can find out more and sign up for a free GDPR risk assessment on the Varonis site.