Eighty-two percent of global IT and business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliance.
A new global survey from Dell on the European Union's GDPR has revealed a general lack of awareness in many organisations of the requirements of the new regulation, how to prepare for it and the impact of non-compliance on data security and business outcomes.
Respondents to the research included 821 IT and business professionals responsible for data privacy at companies with European customers from the UK, US, Canada, Asia Pacific and Europe. Business executives at organisations with fewer than 100 employees also completed the survey.
“This survey reinforces the global lack of general understanding of GDPR, the scope of the regulation, and what organisations need to do to avoid stringent penalties. Results also show that while some organisations ‘think’ they are prepared, they will be in for a rude awakening if they experience a breach or must face an audit and are subject to the consequences of non-compliance with GDPR,” said John Milburn, VP and general manager, Dell One Identity Solutions.
In the UK, 74 percent of respondents say they know few details or nothing about GDPR. Only 10 percent are confident that they will be fully prepared in time for GDPR.
Only eight percent of UK respondents feel they are compliant with their current approach to data privacy and don't need to change. Less than half feel well-prepared for any of the security disciplines impacting GDPR.
Globally, more than 80 percent say they know few details or nothing about GDPR. Fewer than one in three companies feel they are prepared for GDPR today.
Close to 70 percent of IT and business professionals say their company is not prepared for GDPR today or that they don't know whether it is, and only three percent of these respondents have a plan for readiness.
In Germany, respondents feel most prepared for GDPR (44 percent), while respondents in Belgium, the Netherlands and Luxembourg feel least prepared (26 percent).
Furthermore, while organisations realise that failure to comply with GDPR will impact both data security and business outcomes, they are unclear on the extent of change required, the severity of penalties for non-compliance and how changes will affect the business. Seventy-nine percent say their organisation would not face penalties for its approach to data privacy, or that they were not aware whether it would, if GDPR had been in effect this past year.
Of the 21 percent who said they would face a penalty if GDPR were in place today, 36 percent think it would require only an easy remediation, or don't know the penalty.
Close to 50 percent believe they would face a moderate financial penalty or manageable remediation work.
More than 60 percent of enterprise respondents in Europe are either not prepared for GDPR or don't know. Nearly 70 percent of SMB respondents said they are not prepared or don't know if they are.
More than 90 percent of respondents say their existing practices will not satisfy the new GDPR requirements.
“This new regulation provides uniform data protection rights across the EU, and, to be in compliance, both European organisations and those outside of Europe that do business there must adopt an adaptive, user-centric, layered security model approach around the tenets of prevent, detect, respond and predict,” said Patrick Sweeney, VP, product management and marketing, Dell SonicWALL.