With Europe’s General Data Protection Regulation (GDPR) set for prime time on May 25, 2018 (no, that’s not plenty of time), network security provider WatchGuard has produced a study looking at how well organizations understand the law, its impact on their business, and their readiness for the compliance deadline.
Bottom line: Any company that stores or processes personal information about EU citizens must comply with the GDPR’s privacy laws. The study’s results, however, show organizations (with the deadline now in sight) still lack a clear understanding of exactly how it applies to them. Do they realize they’re adrift in treacherous waters, where penalties for noncompliance are steep, up to four percent of global sales? Maybe yes, maybe no: some 44 percent of respondents don’t actually know how close their organization is to complying with the law. Yipes!
GDPR: How Are Companies Preparing?
From WatchGuard’s survey of 1,600 organizations, here are five takeaways to keep in mind (U.K. researcher Vanson Bourne did the legwork):
1. Who knows? 37 percent of organizations don’t know if they need to comply with GDPR, while 28 percent believe their organization doesn't need to comply at all.
Of the organizations that don’t believe the law applies to them, 14 percent collect personal data from EU citizens. Some 28 percent that are unsure about GDPR compliance also collect this type of information.
In the Americas, just 16 percent of organizations believe they’ll need to comply.
2. Who’s ready? Despite knowing about GDPR for a while, only one in 10 companies said they’re 100 percent ready for it.
3. Getting there: 86 percent of those organizations recognizing they need to comply with GDPR believe they have a compliance strategy in place with firewalls, VPN and encryption security technologies.
4. Work left to do: 51 percent said their organization will need to make significant changes to their IT infrastructure in order to comply with GDPR.
5. The pressure is on: Respondents from organizations that are not yet GDPR compliant figure it will take them seven months to get the job done. About 48 percent are looking for third parties to help out.
Every company with access to data from European citizens needs to understand GDPR and its impact, said Corey Nachreiner, WatchGuard CTO.
“Unfortunately, the data shows that an alarming amount of organizations are still unaware or mistaken about the necessity for GDPR compliance, leaving them three steps behind at this stage,” he said. “The only way to prevent unnecessary fines and frustration is to take a good hard look at the criteria, assemble a GDPR plan of action and begin implementing it immediately.”