It’s more than a little alarming that with the start date of the European Union’s General Data Protection Regulation (GDPR) literally days away, a new report indicates that more than half of surveyed organizations won’t be ready to comply by the May 25th start date.
The Crowd Research Report, which surveyed more than 500 IT, cybersecurity, and compliance professionals, gives credence to concerns that the wide-reaching regulation – considered to be the first truly global mandate on consumer data – may be too large a pill for organizations to swallow, despite having almost 2 years of lead time to overhaul processes.
Only 40 percent of those surveyed said that they expect their organization will be GDPR compliant ahead of the start date, while just 7 percent are already where they need to be – with data protection officers and disclosure policies in place – to avoid facing fines as of May 25.
Despite these paltry numbers, 80 percent of the experts polled acknowledge that GDPR compliance is a top priority. What’s holding up full compliance appears to be a lack of resources: respondents cite insufficient expert staff (43 percent) – a growing concern across the cybersecurity landscape – and limited IT budget (40 percent).
While about one-third of all organizations acknowledge that big changes are necessary to meet compliance, roughly half will only be making minor changes before May 25 because of the limitations listed above. The good news is that most organizations (56 percent) expect their data governance budgets to increase over the short term. This will be invaluable in the early days of GDPR, as it’s expected that regulators won’t be doling out a flood of fines right out of the gate, but will be targeting the most egregious violators at the outset.
That being said, there is no excuse for security teams not to have many of the basic qualifications and policies for compliance in place already. This is especially true as big-name businesses are facing major scrutiny for poor data protection policies that could cause irreparable damage to business. Cybersecurity is more than just meeting compliance, as the fallout from a data breach or related incident can tarnish a brand indefinitely.
Simon Eappariello is the Senior Vice President, Product & Engineering, EMEIA at iboss