The European Union was created to give nations on the continent some combined muscle to stand up to the political and economic power of the U.S. and China. With its tough data protection standards for organizations that want to do business in the EU, it has done exactly that.
But according to a global survey paid for by Dell, few organizations have more than a general awareness of the requirements of the EU’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018, of how to prepare for it, or of the impact of non-compliance on data security and business outcomes. Those not fully compliant when GDPR goes into effect risk significant fines, potential breaches and loss of reputation.
Among the survey results:
- More than 80 per cent of respondents say they know few details or nothing about GDPR
- Less than one in three companies feel they are prepared for GDPR today
- Close to 70 per cent of IT and business professionals say their company is not prepared for GDPR today, or they don’t know whether it is, and only three per cent of these respondents have a plan for readiness
- Respondents in Germany feel most prepared for GDPR (44 per cent), while respondents in Benelux (Belgium, the Netherlands, Luxembourg) feel least prepared (26 per cent)
- More than 75 per cent of respondents outside Europe say they are not prepared for GDPR, or don’t know whether they are
- Nearly all companies (97 per cent) don’t have a plan in place when GDPR kicks off in 2018.
Dell says the survey also shows that while organizations realize failure to comply with GDPR will affect both data security and business outcomes, they are unclear on the extent of change required, the severity of penalties for non-compliance, and how the changes will affect the business. Seventy-nine per cent say their organization would not have faced penalties for its approach to data privacy had GDPR been in effect this past year, or were not aware whether it would have.
- Of the 21 per cent of respondents who said they would face a penalty if GDPR were in place today, 36 per cent think it would require only an easy remediation, or don’t know what the penalty would be
- Close to 50 per cent believe they would face a moderate financial penalty or manageable remediation work
- Nearly 25 per cent expect significant changes in current data security practices and technologies.
Dell says following best practices will help organizations address GDPR requirements and avoid the consequences of non-compliance. In addition, Canadian organizations that sell into the EU and keep EU citizens’ personal data should hire a data protection officer (DPO). The DPO role, a GDPR requirement, can be a full-time position, be filled by an employee with other responsibilities, or be outsourced to an agency.
Organizations should also have a firm access governance policy and access management in place.
The survey of 821 IT and business professionals responsible for data privacy at companies with European customers was conducted by Dimensional Research in the United States, Canada, Australia, Hong Kong, Singapore, India, the United Kingdom, Germany, Sweden, Belgium, the Netherlands, France, Italy, Spain and Poland.