Spiceworks recently announced the results of a new survey examining organisational readiness for the General Data Protection Regulation (GDPR) across the United States, United Kingdom, and the rest of the European Union. The results show that among organisations impacted by the GDPR, 61 percent of U.K. organisations are already compliant or expect to be by the May 25, 2018 deadline, compared to 46 percent of organisations in the rest of the EU and only 25 percent in the U.S. The findings indicate most organisations are not concerned about potential GDPR penalties, and as a result, many organisations aren’t prioritising compliance.
The results show only 14 percent of U.K. organisations, 9 percent of EU organisations, and 3 percent of U.S. organisations believe they’ll be fined for not complying with the GDPR by the May 25 deadline. Although concerns over fines are low, respondents do have lingering questions about the impact the GDPR will have on their organisation. For example, about one-third of IT professionals believe the GDPR will make their jobs more difficult, and about 20 percent believe the GDPR will make it more difficult for their company to do business.
Time and resources spent preparing for the GDPR
Among organisations impacted by the GDPR, the results show U.K. organisations are further ahead in their preparations. More than 60 percent are conducting data audits and documenting their processes to prove compliance, compared to less than half of EU organisations and less than one-third of U.S. organisations. Additionally, 59 percent of U.K. organisations are training employees to be GDPR compliant, compared to 54 percent in the EU and 21 percent in the U.S.
The results also show U.K. organisations are spending the most time on GDPR readiness. Thirty percent of organisations in the U.K. expect their IT department to spend more than 120 hours preparing, compared to 25 percent in the rest of the EU and 18 percent in the U.S. Nearly 60 percent of U.S. organisations expect their IT department to spend less than 40 hours preparing for the GDPR.
Why companies are missing the GDPR deadline
Regardless of the time and resources spent on compliance efforts, many companies will not meet the May 25 deadline, and some organisations don’t expect to be compliant for a year or more after the deadline. Among organisations that expect to miss the deadline, 60 percent of IT professionals in the U.K. and 64 percent in other EU countries cite a lack of time and resources as the primary reason for missing the deadline. Conversely, 40 percent of IT professionals in the U.S. said the primary reason they will not meet the deadline is that it’s not a priority for their organisation.
Despite the challenges of complying with the GDPR, IT professionals generally support the regulations, particularly in the U.K. and EU. Seventy-five percent of IT professionals in the U.K. and 70 percent in the rest of the EU are in favor of the GDPR. A majority of IT professionals (53 percent) in the U.S. said they don’t have an opinion one way or the other. However, in light of recent, high-profile data privacy disclosures and Congressional hearings, a Spiceworks poll showed 66 percent of IT professionals believe the U.S. should implement data privacy regulations similar to the GDPR.
“On paper, most IT pros support the principles of the GDPR and want to protect personal data, but in practice, many hurdles are keeping organisations from becoming compliant in a timely manner,” said Peter Tsai, senior technology analyst at Spiceworks. “As a result, European regulators might have their hands full, considering many organisations won’t be GDPR compliant for months or years to come, and few believe they will be penalised.”