GDPR Deadline: A Horrorshow Or A Non-Event?

The seemingly endless studies on corporate readiness for the pending General Data Protection Regulation demonstrate that data truly can be made to say just about anything.

If recent surveys are to be believed, organisations are either fairly well prepared for the new data privacy mandate … or they will fail miserably at compliance.

As evidence, consider the results of two different studies of GDPR compliance readiness that were both released this week. One paints a fairly optimistic picture of corporate readiness. The other tells a tale of doom.

First the Good News

Companies are taking the new General Data Protection Regulation much more seriously than the Health Insurance Portability and Accountability (HIPAA) and Payment Card Industry Security Standards Council (PCI SSC), according to a survey conducted by Propeller Insights on behalf of Web application security company Netsparker.

About half of the more than 300 senior security executives surveyed online in March (49 percent) said their organisations are 75 percent of the way through the process of being compliant with GDPR, a set of regulations the European Union (EU) to protect citizens’ sensitive data from cyber security breaches. Organisations that fail to comply will face penalties when GDPR goes into effect May 25, 2018.

More than two thirds of the organisations (71 percent) are confident that they’ll be fully compliant by the deadline, but many of the organisations surveyed still are not compliant with PCI and HIPAA, the report said.

In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.

For some, the cost of GDPR compliance will be steep, the report said. About one quarter of the organisations (24 percent) will spend between $100,000 and $1 million, and one in 10 said GDPR compliance will cost their business more than $1 million.

Now the Bad News.

A study by SAS on global readiness reveals that only 7 percent of US organisations consider themselves as GDPR compliant at this time, and only 30 percent expect to be by the May 25, 2018 deadline.

The picture is slightly better in Europe, where 53 percent of organisations surveyed expect to be GDPR compliant by May 25. Among global organisations, expected compliance falls to 46 percent.

The SAS survey does agree that data privacy is getting more attention, fueled in large part by the recent revelations of data sharing by Facebook with Cambridge Analytica.

It also agrees that the financial implications of non-compliance with GDPR have served as a wake-up call for many organisations on the need for better data transparence and security.

Some 93 percent of organisations in the SAS study do have a compliance plan in place, or they expect to have one. A majority of respondents also expect to gain long-term benefits in the areas of data management and data governance.

“Consumers are now demanding the kind of trust that GDPR requires,” noted Todd Wright, senior product marketing manager at SAS.

“Organisations that comply will have much stronger data management that leads to increased productivity and a better understanding and ability to serve their customers.”

Anticipated benefits from GDPR compliance and data privacy efforts, according to the SAS survey respondents are:

  • Improved data governance (cited by 84 percent)
  • Increased trust between organisations and customers (cited 68%)
  • Improved personal data quality
  • Improved organisational image
  • Movement toward being a data-driven organisation

Information Management

You Might Also Read: 

Cybersecurity Advice For SMEs:

Six Myths About  GDPR:

 

« Brexit Might Freeze The UK Out Of Robotics
AI Increases The Risks of Nuclear War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

National Cryptologic Foundation (NCF) - USA

National Cryptologic Foundation (NCF) - USA

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

360 Advanced

360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business’ needs.