In the mundane world of regulation, GDPR is box office. It’s the hyped-up major event for 2018, the Mayweather – McGregor of rules, where the countdown clock has been running for what seems like half a lifetime. Millions of words have been written, and it’s been a paradise for thought leaders everywhere. So, six months out, everyone should be fully up to speed and getting ready for May 25th, right? Not even close.
Media outlets around the world – and especially in Europe – have been reporting throughout 2017 that businesses are far from ready:
UK: “89 per cent of organisations are still confused by GDPR”
Germany: “Only 2 per cent of companies are ready for GDPR”
USA: “A third of businesses do not feel prepared for GDPR”
Ireland: “Three quarters of firms not ready for GDPR”
France: “GDPR – CIOs are far from ready”
Netherlands: “Only one in three companies well acquainted with GDPR”
Yet, GDPR is six months away. While Brexit will formally separate the UK from EU law-makers, we will remain subject to regulations such as GDPR. The UK will still be part of the EU when GDPR comes into effect next year, and any organisation trading within its boundaries will be answerable to regulators if they find themselves in breach. That includes the UK, USA and everyone else – if you’ve got customers in the EU, GDPR applies.
More recently, the discussion around GDPR has shifted from awareness to readiness. But how are these preparations going? Taking a look around the European tech press doesn’t offer an encouraging picture:
Computerwoche (Germany) – “Only 2 per cent of companies are really prepared for GDPR”
Computerwoche, a leading German IT publication, reported that “hardly any companies seem to be really prepared for the GDPR”, citing research that shows only 2 per cent are ready. A further study suggests more than half of companies in the survey “have doubts about meeting the requirements of GDPR in a timely manner”.
The Independent (Ireland) – “Irish firms ‘not ready’ for GDPR”
The Independent also looked at business preparations, quoting research which said, “Three quarters of Irish businesses say they’re not ready for next year’s GDPR”. Almost all (95 per cent) of respondents said that meeting GDPR compliance would be “challenging or extremely challenging”. Over a third of the organisations surveyed had yet to appoint a data protection officer.
Computable (Netherlands) – “IT suppliers not ready for GDPR”
In the Netherlands, Computable reported that IT suppliers there were not ready to meet the security needs of municipalities in the country required under GDPR. Further research revealed a similar problem among SMEs, 78 per cent of whom “are unaware of the consequences” of GDPR. Among those who were aware, only 20 per cent thought they were compliant.
Le Monde Informatique (France) – “GDPR” French CIOs are far from ready”
France’s Le Monde Informatique, reported the findings of an IDC study which said that “less than 10 per cent of French companies say they comply” with GDPR. Describing the idea that businesses are over-informed as “a sham”, 27 per cent of respondents were “certain not to be ready” for next May’s implementation date.
Business Computing World (UK) – “89 per cent of organisations are still confused by GDPR”
Global trends are slightly harder to come by, but the results of a recent survey by Commvault back up the regional picture. Their research found that only 12 per cent of organisations are ready for the implementation of GDPR. Looking at data management in particular, the research revealed that “only 18 per cent of organisations . . . stated that they had the capability to delete data on request from all data stores.”
Europe is awash with GDPR uncertainty. But behind it all is one prediction you can put money on – the first serious data breach next May will create massive headlines. It remains to be see how big the first fines will be, but data protection will probably be never the same again.
By Jon Lucas, Director at Hyve Managed Hosting
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/