60 percent of organizations aren't ready for GDPR
With the deadline of May 2018 looming closer, a new survey shows 60 percent of respondents in the EU and 50 percent in the US say they face some serious challenges in being GDPR compliant.
The study by data protection specialist Varonis polled 500 cyber security professionals in organizations with over 1000 employees in the UK, Germany, France and the US and finds more than half (57 percent) of professionals are concerned about compliance with the standard.
38 percent of respondents report that their organizations do not view compliance with GDPR by the deadline as a priority. 74 percent believe that adhering to GDPR will give them a competitive advantage over other organizations in their sector.
What is seen as the biggest challenge varies by geography. For UK respondents, 58 percent think that implementing data protection by design poses the greatest challenge in meeting the GDPR, followed by the right to erasure. In the US security of processing is seen as the biggest challenge, followed by data protection by design. Both Germany and France see the right to erasure as the biggest challenge.
"Things are moving in the right direction but some organizations are yet to get the groundwork done. Some have still to survey the data that they're holding and the processes around it," says Matt Lock, Varonis' director of sales engineers and GDPR expert. "There’s still a long way to go. We also don't know at this stage whether the ICO will have the resources to enforce GDPR."
36 percent of respondents in the UK, 35 percent in Germany and 42 percent in France report already being in compliance. In the UK, 51 percent of respondents say their organisation is more than 50 percent complete in their compliance process. However, one in four US respondents believe their firms don’t need to comply with GDPR.
"There's a growing acceptance that implementation of GDPR will be quite hard, people won't just be able to tick a box on May 25th to say that they're ready," adds Lock. "Many organizations are realising it's a monster task. We're seeing lots of different approaches too, in many cases businesses are looking to get rid of data -- which is a bit all or nothing -- but there are also phased projects to identify data and ensure compliance. The big challenge for organizations now is just the wealth of data they collect. I think GDPR may be a driver for some businesses to reduce the amount of information they hold."
You can find out more in the full report which is available from the Varonis website.