GDPR Deadline: A Horrorshow Or A Non-Event?

Uploaded on 2018-05-07 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The seemingly endless studies on corporate readiness for the pending General Data Protection Regulation demonstrate that data truly can be made to say just about anything.

If recent surveys are to be believed, organisations are either fairly well prepared for the new data privacy mandate … or they will fail miserably at compliance.

As evidence, consider the results of two different studies of GDPR compliance readiness that were both released this week. One paints a fairly optimistic picture of corporate readiness. The other tells a tale of doom.

First the Good News

Companies are taking the new General Data Protection Regulation much more seriously than the Health Insurance Portability and Accountability (HIPAA) and Payment Card Industry Security Standards Council (PCI SSC), according to a survey conducted by Propeller Insights on behalf of Web application security company Netsparker.

About half of the more than 300 senior security executives surveyed online in March (49 percent) said their organisations are 75 percent of the way through the process of being compliant with GDPR, a set of regulations the European Union (EU) to protect citizens’ sensitive data from cyber security breaches. Organisations that fail to comply will face penalties when GDPR goes into effect May 25, 2018.

More than two thirds of the organisations (71 percent) are confident that they’ll be fully compliant by the deadline, but many of the organisations surveyed still are not compliant with PCI and HIPAA, the report said.

In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.

For some, the cost of GDPR compliance will be steep, the report said. About one quarter of the organisations (24 percent) will spend between $100,000 and $1 million, and one in 10 said GDPR compliance will cost their business more than $1 million.

Now the Bad News.

A study by SAS on global readiness reveals that only 7 percent of US organisations consider themselves as GDPR compliant at this time, and only 30 percent expect to be by the May 25, 2018 deadline.

The picture is slightly better in Europe, where 53 percent of organisations surveyed expect to be GDPR compliant by May 25. Among global organisations, expected compliance falls to 46 percent.

The SAS survey does agree that data privacy is getting more attention, fueled in large part by the recent revelations of data sharing by Facebook with Cambridge Analytica.

It also agrees that the financial implications of non-compliance with GDPR have served as a wake-up call for many organisations on the need for better data transparence and security.

Some 93 percent of organisations in the SAS study do have a compliance plan in place, or they expect to have one. A majority of respondents also expect to gain long-term benefits in the areas of data management and data governance.

“Consumers are now demanding the kind of trust that GDPR requires,” noted Todd Wright, senior product marketing manager at SAS.

“Organisations that comply will have much stronger data management that leads to increased productivity and a better understanding and ability to serve their customers.”

Anticipated benefits from GDPR compliance and data privacy efforts, according to the SAS survey respondents are: