Reports Suggest Many Organizations Aren’t Ready for GDPR

With the General Data Protection Regulation a month away from taking effect, two studies seem to suggest that plenty of organizations are unaware of the impact the regulation will have—or are freaking out about not being ready in time for the European Union’s rules.

A month out from one of the biggest regulatory changes in recent history, the word of the day about the European Union’s General Data Protection Regulation, which takes effect May 25, is “unsure.”

Earlier this month, a NetApp survey found that 76 percent of U.S.-based organizations that responded were worried about meeting the regulation’s deadline, while another 51.5 percent of U.S. respondents said they worry about damage to the organization’s reputation. Other concerns on the minds of U.S.-based respondents, per the NetApp survey [PDF], include revenue loss (50.2 percent), mistrust from customers (43.8 percent), mistrust from partners (39.7 percent), and company survival (40.4 percent).

A separate study from CompTIA, released Wednesday, found that just 13 percent of organizations said they were fully compliant with GDPR, while 52 percent of the 400 U.S. companies surveyed said they were either exploring if GDPR applied to their business, didn’t think it did, or were unsure of the impact.

Part of the problem, notes CompTIA President and CEO Todd Thibodeaux, is a lack of familiarity with the regulation—including a belief among some respondents that GDPR isn’t hitting for many months.

“Only one in four respondents claim to be very familiar with GDPR,” Thibodeaux said in a news release. “Some believe it applies primarily to companies in the EU; others, only to large multinational corporations. Alarmingly, three in ten companies believe GDPR does not go into effect until the end of 2018.”

NetApp Vice President of Legal Elizabeth O’Callahan noted that GDPR standards generally follow best practices for many organizations, so the lack of clarity among respondents to its research was concerning.

“GDPR compliance requires organizations to know where their data is and to be able to classify data and control the lineage of data—all capabilities that are essential for data analytics initiatives designed to deliver accurate business insight,” O’Callahan said in a news release. “These capabilities are also fundamental to the success of other digital transformation and omnichannel marketing initiatives, including mobile networks, AI and machine learning, IoT, robotics, and more.”

The two surveys differed in some respects—the CompTIA findings suggested that most organizations weren’t aware of what was coming (only 22 percent of organizations had a plan, per that study), while NetApp’s research seemed to suggest a general sense of dread about not being able to hit the deadline.

But the results, in tandem, suggest one thing: Many organizations are not ready for the regulatory storm that’s not too far off in the distance.

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now.