Earlier this month, I wrote that organizations lack understanding of GDPR. Now, new research shows one way that lack of understanding comes into play. Companies may believe they are ready for May 25, but is that really the case?
An article in ComputerWeekly.com pointed to a study that found that 98 percent of Fortune 500 companies say they are on track to be in compliance by the GDPR deadline. But the article continued:
"However, the survey also shows less than half (39 percent in the UK and 47 percent in the US) have set up an internal GDPR taskforce, only a third are hiring a third-party to conduct a GDPR gap analysis, and roughly only a third are hiring a third-party consultant to assist with compliance, all of which suggests many companies are not as well-prepared as they think."
Is this their plan? To procrastinate until April and then rush toward the finish line? This sounds like anything but on schedule to be ready in time.
A new study from Solix Technologies may be a better indication of where GDPR readiness stands. After conducting an online survey on GDPR readiness with IT professionals at over 100 companies, the company found mixed results in levels of data privacy preparedness. For example, 65 percent of organizations are unsure if an individual’s personal information is purged from all systems, 38 percent of organizations say that all their personal data under the new GDPR rules is not protected from misuse and unauthorized access at every stage in its lifecycle, and 53 percent of organizations are not confident that processing of all personal data is based on explicit permission provided by the individual. And yet, I think the number that alarms me the most is this one: 22 percent of organizations are unaware that they must comply with GDPR, even if they are based outside of the European Union but hold data of EU citizens. Sure, that’s the lowest number I saw in the study, but that’s nearly a quarter of the respondents who entered 2018 without knowing they need to be prepared.
In what may be the understatement of 2018 so far, John Ottman, executive chairman of Solix Technologies, said in a formal comment:
"Based on our survey data, it’s clear that the majority of organizations are not currently prepared to meet GDPR requirements. There is an urgency to take steps now, as the enforcement deadline quickly approaches and applies to anyone who is currently operating with EU customers."
I go back to my original question – are so many companies unprepared because of the lack of understanding and education surrounding GDPR? Or does that lack of understanding have them thinking they are in a good place because they’ve caught up to what they know? No matter the answer, I think come May 26, a lot of organizations are going to be unprepared.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba