Despite the attention that the pending General Data Protection Regulation is getting, a significant number of organizations are still ill-prepared for GDPR and are unsure if they meet the criteria for compliance.

That is the finding of a new survey of more than 1,600 organizations conducted by independent market research firm Vanson Bourne, which found widespread confusion about GDPR compliance criteria and an overall lack of preparation.

“The results show that a staggering 37 percent of respondents simply don’t know whether their organization needs to comply with GDPR, while 28 percent believe they don't need to comply at all,” the study revealed. Respondents in the UK appear better informed than their American counterparts, with 25 percent of ‘don’t knows’ and just 13 percent under the impression that they do not need to comply.

According to the GDPR criteria, any company that stores or processes personal information about EU citizens must demonstrate compliance. Of the respondents who don’t believe the law applies to their organization, one in seven collect personal data from EU citizens, while 28 percent of respondents unsure about compliance also said that they collect this type of information, the study noted. The results suggest that many organizations are misinterpreting which types of data constitute a mandate for compliance.

“Once enforcement for this new legislation begins, companies all over the world will feel its impact. Unfortunately, the data shows that an alarming number of organizations are still unaware or mistaken about the need for GDPR compliance, leaving them three steps behind at this stage,” said Corey Nachreiner, chief technology officer at WatchGuard, which sponsored the study.

“In the Americas, just 16 percent of organizations believe they need to comply. With sensitive customer data and non-compliance fines at stake, every company with access to data from European citizens needs to ensure they truly understand GDPR and its ramifications,” Nachreiner said.

Lack of Preparation

While many organizations have been aware of GDPR for some time, just 10 percent of respondents – including those in the UK – believe their company is currently 100 percent ready, the study revealed. Another 44 percent of respondents stated that they don’t know how close their organization is to compliance.

Of those who reported that their organization needs to comply with GDPR (35 percent of total respondents), the majority (86 percent) believe they have a solid compliance strategy in place. But 51 percent of those respondents believe that their organization will need to make significant changes to its IT infrastructure in order to comply.
