Half of U.S. Companies Face Serious Challenges in Becoming GDPR Compliant

A recent Varonis survey of 500 cyber security professionals in the U.S., U.K., Germany and France found that 50 percent of U.S. respondents and 60 percent of E.U. respondents believe they face serious challenges in becoming compliant with the upcoming E.U. General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.

Fifty-seven percent of respondents are concerned about compliance with GDPR — 56 percent said the “right to be forgotten” poses the greatest challenge in meeting GDPR requirements, followed by implementing data protection by design.

While 38 percent of respondents said their organizations don’t view compliance with GDPR as a priority, 74 percent said meeting GDPR requirements will give them a competitive advantage over other companies.

Notably, 74 percent of respondents said some organizations could be crippled by the fines imposed under GDPR.

And many are making progress — 36 percent of companies in the U.K., 35 percent in Germany, 42 percent in France and 30 percent in the U.S. say they’re already in compliance. Almost 90 percent of companies in the E.U. are aware of GDPR, compared to just 65 percent of U.S. companies.

“It’s encouraging to see progress made surrounding the GDPR, and yet it’s deeply concerning that more than half of the organizations surveyed continue to face compliance challenges,” Varonis CMO David Gibson said in a statement.

“The GDPR represents a significant change in the way data must be handled,” Gibson added. “It’s alarming that so many respondents simply aren’t worried, especially given that many organizations are not tackling the biggest problems and best practices around data collection, management and protection. Ignorance is not bliss when it comes to the GDPR, and organizations that have fallen behind in their preparations must ramp up their compliance activities or they could take a serious financial hit once the regulations take effect.”

Impact in the U.S.

A separate Thales eSecurity survey of 1,500 C-level executives in the U.K., U.S. and Germany found that 35 percent of U.S. respondents don’t think they’ll be fully prepared for GDPR by May 2018.

While 53 percent of U.S. respondents don’t expect GDPR to have any impact on their operations at all, 45 percent worry that GDPR will hinder their organization’s ability to innovate, and 56 percent expect that becoming compliant will increase complexity and red tape in their business.

Eighteen percent of U.S. respondents expect GDPR to have a negative impact on their relationships with international partners.

Oddly enough, while 20 percent of U.S. respondents say GDPR will lead to fewer data breaches, 49 percent of U.S. respondents worry that it will actually lead to more breaches.

Still, 35 percent of U.S. respondents said similar regulations should be put in place in the U.S.

Two thousand consumers in the U.K. and Germany were also surveyed — 47 percent said they believe companies don’t care about their privacy, and 42 percent said they don’t trust anyone to keep their personal information private. More than three quarters of consumers believe increased regulation will improve the privacy of their online data.

“Organizations that are not prepared for the GDPR would be remiss to think that this regulation won’t impact their business operations,” Thales eSecurity solutions manager Jim DeLorenzo said in a statement. “In fact, if organizations fail to comply, they could face multiple legal challenges as well as staggering fines, consequences that will undoubtedly garner negative attention.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
