Regulation awareness lacking

by Mark Rowe

Organisations ‒ SMBs and large enterprises ‒ lack general awareness of the requirements of the European Union’s new General Data Protection Regulation (GDPR), how to prepare for it, and the impact of non-compliance on data security and business outcomes. That’s according to the IT firm Dell.

The EU regulation goes into effect in May 2018 and affects companies of all sizes, in all regions, and in all industries. Those not fully compliant when GDPR goes into effect risk fines, potential breaches and loss of reputation.

Dell says that its survey results show that 82 percent of global IT and business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliance. Although the majority of global IT and business professionals express compliance concerns, respondents lack general awareness of GDPR, and they are neither prepared for it now, nor expect to be when it goes into effect.

· More than 80 percent of respondents say they know few details or nothing about GDPR

· Fewer than one in three companies feel they are prepared for GDPR today

· Close to 70 percent of IT and business professionals say their company is not prepared for GDPR today, or that they don’t know if it is, and only three percent of these respondents have a plan for readiness

· Respondents in Germany feel most prepared for GDPR (44 percent), while respondents in Benelux (Belgium, the Netherlands, Luxembourg) feel least prepared (26 percent)

· More than 75 percent of respondents outside Europe say they are not or don’t know if they are prepared for GDPR

· Nearly all companies (97 percent) don’t have a plan in place for when GDPR kicks off in 2018

While organisations realise failure to comply with GDPR will impact both data security and business outcomes, they are unclear on the extent of change required, the severity of penalties for non-compliance, and how changes will affect the business. Some 79 percent say their organisation would not face penalties for its approach to data privacy if GDPR had been in effect this past year, or were not aware whether it would.

· Of the 21 percent of respondents who said they would face a penalty if GDPR were in place today, 36 percent think it would require only an easy remediation, or don’t know the penalty

· Close to 50 percent believe they would face a moderate financial penalty or manageable remediation work

· Nearly 25 percent expect significant changes in current data security practices and technologies

Additional findings show that most organisations don’t feel well-prepared across security disciplines for GDPR compliance.

· Fewer than half of respondents feel well-prepared for any of the security disciplines impacting GDPR

· Only 21 percent feel well-prepared for access governance, a key security discipline for GDPR

· More than 60 percent of enterprise respondents in Europe either are not or don’t know if they are prepared for GDPR. Nearly 70 percent of SMB respondents in this region said they are not or don’t know if they are prepared for GDPR

· More than 90 percent of respondents say their existing practices will not satisfy the new GDPR requirements

· More than 80 percent said they are well- or somewhat prepared with their organisations’ current email security technologies

· Nearly 60 percent said they are well- or somewhat prepared with their organisations’ current access governance technologies

· More than 80 percent said they are well- or somewhat prepared with their access management technologies

· 65 percent said they are well- or somewhat prepared with their next generation firewall (NGFW) technologies.

John Milburn, vice president and general manager, Dell One Identity Solutions, said: “The European Union General Data Protection Regulation is the first update to European data protection laws since 1995, when the Internet was in its infancy and the constantly evolving cyber threats we know today did not exist. This survey reinforces the global lack of general understanding of GDPR, the scope of the regulation, and what organisations need to do to avoid stringent penalties. Results also show that while some organisations ‘think’ they are prepared, they will be in for a rude awakening if they experience a breach or must face an audit and are subject to the consequences of non-compliance with GDPR.”
