Home →Security →GDPR Is Coming Soon … and Companies Aren't Ready

GDPR Is Coming Soon … and Companies Aren't Ready

By Samuel Greengard | Posted 10-25-2017

1 of

GDPR Is Coming Soon … and Companies Aren't Ready

The E.U. General Data Protection Regulation will impact all companies that have customers in Europe, but many organizations haven't started preparing for it.
Awareness Exists

95% of the executives surveyed are aware that they need to comply with the GDPR, and 85% have reviewed its requirements.
Feeling Secure

79% believe their data is as secure as it can be.
False Sense of Security?

64% don't know that a customer's date of birth is personally identifiable information (PII). 42% don't know that email marketing databases contain PII. 32% don't consider physical addresses as PII. 21% don't view a customer's email as PII.
No Worries?

66% were dismissive about the amount they could be fined if they didn't comply with the GDPR. They believe reputation and brand equity damage are the biggest risks.
Steep Fines

Only 33% of the executives surveyed knew that GDPR fines could be as high as €20 million, or 4% of their company's worldwide annual revenue of the prior financial year.
Not So Fine

Despite being aware of the huge GDPR fines for noncompliance, one in five respondents said that the fine "wouldn't bother them."
Who's Accountable?

Only 14% of the executives surveyed knew that the loss of EU customer data is the responsibility of both the company and service providers.
Confusion Abounds

51% incorrectly believe that fines are imposed only on EU data owners, and 24% incorrectly think that they affect only service providers.
Who Should Lead a GDPR Initiative?

31% of respondents said the CEO should lead, and 27% said the CISO should take charge. 22% said a board-level executive should participate. Yet, only 21% have a senior-level executive involved.
Mandate: State-of-the-Art Tech

The GDPR mandates that businesses must implement state-of-the-art security technologies that are relative to the risks faced.
Only a Minority Comply With Tech Mandate

34% have implemented advanced capabilities to identify intruders. 33% have invested in data leak prevention technologies. 31% have employed encryption technologies.
- GDPR Is Coming Soon … and Companies Aren't Ready
  
  View Slideshow »
View All Slideshows >

When the European Union's General Data Protection Regulation (GDPR) takes effect on May 25, 2018, it will affect global companies in a significant way. The initiative establishes specific requirements for how organizations must handle personal data touching E.U. citizens—even businesses that aren't physically located in Europe. The GDPR requirements include the need to appoint a data protection officer and follow specific guidelines about how an enterprise communicates with its customers in the E.U. about data and privacy. A September 2017 survey conducted by cyber-security solutions provider Trend Micro, in conjunction with Opinium, found that most executives are not adequately prepared for GDPR, and the fallout could be significant. Understanding is lacking, planning is lagging and security strategies aren't yet in place. All of this could result in large fines and other penalties—including lawsuits. Here's a look at some of the key findings from 1,132 online interviews with IT decision-makers from businesses with 500+ employees in 11 countries, including the United States.

Samuel Greengard writes about business and technology for Baseline, CIO Insight and other publications. His most recent book is The Internet of Things (MIT Press, 2015).