As GDPR deadline looms, readiness lags

The deadline to GDPR (the EU’s General Data Protection Regulation) is now about a month away. Guess what?  One-third of SMBs still aren’t ready to comply, according to Janco Associates. The consultancy reviewed the compliance plans of 200 small and mid-sized businesses and found that 34 percent are not ready to meet GDPR mandates.

A recent survey from research firm IDC found similar, if not more pressing results. IDC’s survey identified that less than half of European small and midsize businesses have taken steps to prepare for the now looming GDPR mandates. Among non-European SMBs, the share of prepared firms is significantly lower.

Key findings from the survey include the following:

  • A significant share of small businesses in Europe (over 20% in the UK and Germany) indicate they are not aware of GDPR. For small businesses outside of Europe, about half are unaware. Midsize businesses show much greater awareness, 80-90%, across geographies.
  • Independent of GDPR awareness, almost 44% of European small businesses and 41% of midsize businesses say they will need to take compliance action. For non-European SMBs, the percentages are 38% for small businesses and 55% for midsize businesses. One-third of European SMBs and more than one-half of non-European SMBs have no plans to comply.
  • Only 29% of European small businesses and 41% of midsize businesses have taken steps to prepare for GDPR. Among non-European SMBs, the share of prepared firms declines to 9% among small businesses and 20% of midsize businesses.

The IDC report examined the awareness, activity, and expectations of small businesses (10-99 employees) and midsize firms (100-999 employees) with regard to GDPR. “The findings are based on a January 2018 survey of more than 2,000 business owners, line of business leaders, and IT leaders aware of or managing IT spending in seven countries: Brazil, China, Germany, India, Japan, the United Kingdom, and the United States,” IDC said in a statement.

Those who have been following may not be that surprised by the dismal results. Earlier this year, only slightly more than half of employees in the U.S. were found to be fully unaware of GDPR.

Many companies are in for a rude awakening after the deadline passes. I watched this happen, to a lesser degree, with the Payment Card Industry Data Security Standard, HIPAA, Sarbanes-Oxley, and even state data breach disclosure laws. Many firms just weren’t ready and they didn’t start readying themselves until they saw other organizations come under fire for failure to comply. I don’t expect GDPR to be much different, and I certainly expect there to be a number of organizations sanctioned in the next couple of years.



*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: https://blogs.dxc.technology/2018/04/23/as-gdpr-deadline-looms-readiness-lags/