It has been two years since the EU General Data Protection Regulation (GDPR) entered into application. We have witnessed the first positive impacts of the law but also the challenges authorities, courts, and people have faced in its enforcement. The past 12 months have proven particularly demanding for the protection of personal data and the...
New global research from Dell reveals the lack of awareness among SMBs and large enterprises of the requirements of the EU's GDPR, going into effect in under two years
Eighty two percent of global and IT business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliant.
A new global survey from Dell on the European Union's GDPR has revealed a general lack of awareness in many organisations of requirements of the new regulation, how to prepare for it and the impact of non-compliance on data security and business outcomes.
Respondents to the research included 821 IT and business professionals responsible for data privacy at companies with European customers from the UK, US, Canada, Asia Pacific and Europe. Business executives at organisations with less than 100 employees also completed the survey.
"This survey reinforces the global lack of general understanding of GDPR, the scope of the regulation, and what organisations need to do to avoid stringent penalties. Results also show that while some organisations 'think' they are prepared, they will be in for a rude awakening if they experience a breach or must face an audit and are subject to the consequences of non-compliance with GDPR," said John Milburn, VP and general manager, Dell One Identity Solutions.
In the UK, 74 percent of respondents say they know few details or nothing about GDPR. Only 10 percent are confident that they will be fully prepared in time for GDPR.
Only eight percent of UK respondents feel they are compliant with their current approach to data privacy and don't need to change. Less than half feel well-prepared for any of the security disciplines impactingGDPR.
Globally, more than 80 percent say they know few details or nothing about GDPR. Less than one in three companies feel they are prepared for GDPR today.
Close to 70 percent of IT and business professionals say they are not nor don't know if their company is prepared for GDPR today, and only three percent of these respondents have a plan for readiness.
In Germany, respondents feel most prepared for GDPR (44 percent), while respondents in Belgium, the Netherlands and Luxembourg feel least prepared (26 percent).
Furthermore, while organisations realise failure to comply with GDPR will impact both data security and business outcomes, they are unclear on the extent of change required or the severity of penalties for non-compliance and how changes will affect the business. Seventy nine percent say they would not or were not aware if their organisation would face penalties in its approach to data privacy if GDPR had been in effect this past year.
Of the 21 percent who said they would face a penalty if GDPR were in place today, 36 percent think it would require only an easy remediation, or don't know the penalty.
Close to 50 percent believe they would face a moderate financial penalty or manageable remediation work.
More than 60 percent of enterprise respondents in Europe are either not prepared for GDPR or don't know. Nearly 70 percent of SMB respondents said they are not or don't know if they're prepared.
More than 90 percent of respondents say their existing practices will not satisfy the new GDPR requirements.
"This new regulation provides uniform data protection rights across the EU, and, to be in compliance, both European organisations and those outside of Europe that do business there must adopt an adaptive, user-centric, layered security model approach around the tenets of prevent, detect, respond and predict," said Patrick Sweeney, VP, product management and marketing, Dell SonicWALL.
Latest posts in our blog
Read what's new this week
The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the California Consumer Privacy Act of 2018 ('CCPA') (SB-1121 as amended at the time of this publication) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the...
Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of ransomware principally causing this surge have the potential to cause significantly more business disruption and difficulty restoring computer data and networks. Attackers are also often demanding...