- Time to comply with the General Data Protection Regulation (GDPR) is running out, and many organizations still aren’t prepared. GDPR, a set of rules and regulations supported by the European Parliament, European Council, and European Commission to guarantee data protection for individuals within the European Union (EU), formally takes effect on May 25, 2018. Every organization that manages data for individuals inside the coverage zone is affected, and the penalties for non-compliance can be up to four percent of the violating company’s global yearly revenue.
- A research report based on an online survey of more than 531 IT, cybersecurity, and compliance experts reveals that 60 percent of surveyed organizations are expected to miss the compliance deadline.
- Just 40 percent of those surveyed said they’re either GDPR-compliant or well on their way to compliance in time for the deadline, and only 7 percent said they’re in complete compliance with GDPR requirements.
- Many of the organizations (80 percent) acknowledge that GDPR compliance is a top priority, yet only half said they are familiar with the data privacy legislation or have extensive expertise with respect to the regulation. Even more alarming, given the amount of publicity surrounding GDPR, one-fourth of the organizations responded that they have no knowledge or only insufficient knowledge of the law.
- “What is striking in this study is the lack of staff with GDPR expertise and an overall underestimation of the effort required to meet GDPR, which represents the most sweeping change in data privacy regulation in decades,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the Information Security Community on LinkedIn, which commissioned the study.
- The main compliance difficulties facing organizations are a shortage of specialist staff (cited by 43 percent), a shortage of budget (40 percent), and a poor understanding of GDPR regulations (31 percent). Most of the organizations (56 percent) anticipate that their data governance budgets will grow, which will help in addressing the GDPR challenges.
- Nearly one-third of the organizations said they’ll need to make big changes to their data security practices and systems to comply with GDPR, and more than half expect to make only minor changes.
- At most organizations, IT and information security teams have the principal responsibility for meeting GDPR compliance. A majority of them said that making an inventory of user data and mapping the data to protected GDPR categories is a priority in their GDPR compliance efforts. This is followed by evaluating, developing, and integrating systems that support GDPR compliance.
- Most GDPR-relevant information is stored on premises. But about one-third of the organizations store information in the cloud or in hybrid IT environments, which can make control over the data more difficult, the report said.