The EU General Data Protection Regulation imposes sweeping changes on companies that deal with customer data. Compliance laws go into effect on May 25, 2018, and most companies aren't prepared.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- A new report finds that 60% of businesses are likely to miss the GDPR compliance deadline of May 25, 2018. Most businesses cite a lack of budget and not enough staff knowledge to implement changes.
- It isn't just EU businesses that are affected by the GDPR—any business that offers a service to EU residents is required to comply. That means the GDPR affects most every business with an internet presence.
A survey of tech decision makers has found that fewer than 40% are confident that their organizations will be compliant with the General Data Protection Regulation (GDPR) when it goes into effect on May 25, 2018.
The GDPR was put in place to protect the personal data of EU residents and affects any business that has customers located in the EU. There is no restriction based on location, company size, or scope of business, meaning any entity with an internet presence could be affected.
The report, compiled by Crowd Research Partners, further reveals that only seven percent of businesses report being in compliance with the GDPR, and 28% have not even begun to work toward the May 25 deadline.
Non-EU companies can't relax either—fines for non-compliance are stiff and any service offered to an EU resident, regardless of whether the service is free and which country hosts its servers, has to play by the rules.
The state of GDPR compliance
With only a little more than a month before the GDPR takes effect, and with 80% of those surveyed saying that compliance is in their organization's top three priorities, the hope would be that most are further along.
That isn't the case, though: Along with the seven percent that are already compliant, only a further 33% are confident they'll make the deadline. That leaves 60% of businesses affected by the GDPR unsure they'll meet the deadline, which could open them up to millions of euros in fines.
It's also worth noting that only 28% of survey participants said the GDPR would require significant changes in their security practices; 56% said becoming compliant would require relatively minor changes.
So if GDPR security policy isn't going to require drastic action for most companies, why haven't more of them taken steps toward compliance? Personnel and budget.
43% say they lack staff with the critical skills needed to make GDPR changes, and 40% say they don't have the budget to enact necessary changes.
What do businesses need to do to become GDPR compliant?
If you're among the 60% of businesses that have yet to become compliant with the GDPR, it's time to get serious: May 25 will be here before you know it.
The steps you need to take to become GDPR compliant largely depend on the kind of business you have and the sort of customer data you collect. TechRepublic's premium sister site, Tech Pro Research, has a GDPR policy and a GDPR compliance checklist available for download, so if you're confused about where to start, those resources may help.
There are a lot of things to consider when getting ready for the GDPR, and now is the time to consider all of them.