GDPR Deadline: A Horrorshow Or A Non-Event?

The seemingly endless studies on corporate readiness for the pending General Data Protection Regulation demonstrate that data truly can be made to say just about anything.

If recent surveys are to be believed, organisations are either fairly well prepared for the new data privacy mandate … or they will fail miserably at compliance.

As evidence, consider the results of two different studies of GDPR compliance readiness that were both released this week. One paints a fairly optimistic picture of corporate readiness. The other tells a tale of doom.

First the Good News

Companies are taking the new General Data Protection Regulation much more seriously than the Health Insurance Portability and Accountability (HIPAA) and Payment Card Industry Security Standards Council (PCI SSC), according to a survey conducted by Propeller Insights on behalf of Web application security company Netsparker.

About half of the more than 300 senior security executives surveyed online in March (49 percent) said their organisations are 75 percent of the way through the process of being compliant with GDPR, a set of regulations the European Union (EU) to protect citizens’ sensitive data from cyber security breaches. Organisations that fail to comply will face penalties when GDPR goes into effect May 25, 2018.

More than two thirds of the organisations (71 percent) are confident that they’ll be fully compliant by the deadline, but many of the organisations surveyed still are not compliant with PCI and HIPAA, the report said.

In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.

For some, the cost of GDPR compliance will be steep, the report said. About one quarter of the organisations (24 percent) will spend between $100,000 and $1 million, and one in 10 said GDPR compliance will cost their business more than $1 million.

Now the Bad News.

A study by SAS on global readiness reveals that only 7 percent of US organisations consider themselves as GDPR compliant at this time, and only 30 percent expect to be by the May 25, 2018 deadline.

The picture is slightly better in Europe, where 53 percent of organisations surveyed expect to be GDPR compliant by May 25. Among global organisations, expected compliance falls to 46 percent.

The SAS survey does agree that data privacy is getting more attention, fueled in large part by the recent revelations of data sharing by Facebook with Cambridge Analytica.

It also agrees that the financial implications of non-compliance with GDPR have served as a wake-up call for many organisations on the need for better data transparence and security.

Some 93 percent of organisations in the SAS study do have a compliance plan in place, or they expect to have one. A majority of respondents also expect to gain long-term benefits in the areas of data management and data governance.

“Consumers are now demanding the kind of trust that GDPR requires,” noted Todd Wright, senior product marketing manager at SAS.

“Organisations that comply will have much stronger data management that leads to increased productivity and a better understanding and ability to serve their customers.”

Anticipated benefits from GDPR compliance and data privacy efforts, according to the SAS survey respondents are:

  • Improved data governance (cited by 84 percent)
  • Increased trust between organisations and customers (cited 68%)
  • Improved personal data quality
  • Improved organisational image
  • Movement toward being a data-driven organisation

Information Management

You Might Also Read: 

Cybersecurity Advice For SMEs:

Six Myths About  GDPR:

 

« Brexit Might Freeze The UK Out Of Robotics
AI Increases The Risks of Nuclear War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

LRQA

LRQA

LRQA are a leading global assurance provider, bringing together unrivalled expertise in certification, brand assurance, cybersecurity, inspection and training.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

CyberASAP

CyberASAP

CyberASAP provides expertise, knowledge and support to convert academic ideas into commercial products in the cyber security space.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.