Worldwide confusion and lack of preparation in the face of looming GDPR deadline

With the GDPR (General Data Protection Regulation) deadline set for May 25, 2018, an independent global survey commissioned by WatchGuard Technologies shows that many organisations are ill-prepared due to uncertainty about the criteria for compliance.

The results show that 37% of respondents don’t know whether their organisation needs to comply with GDPR, while 28% believe they don’t need to comply at all.

Respondents in the UK appear better informed, with 25% of ‘don’t knows’ and 13% under the impression that they do not need to comply. 

The survey, which examines the views of more than 1,600 organisations and was conducted by independent market research firm Vanson Bourne, indicates widespread confusion about GDPR compliance criteria and an overall lack of preparation.

According to the GDPR criteria, any company that stores or processes personal information about EU citizens must demonstrate compliance. Of the respondents who don’t believe the law applies to their organisation, one in seven collect personal data from EU citizens, while 28% of respondents unsure about compliance also said that they collect this type of information.

The results show that many companies are misinterpreting which types of data constitute a mandate for compliance. 

“Once enforcement for this new legislation begins, companies all over the world will feel its impact,” Corey Nachreiner, chief technology officer of WatchGuard, said. “Unfortunately, the data shows that an alarming number of organisations are still unaware or mistaken about the need for GDPR compliance, leaving them three steps behind at this stage.

“In the Americas, just 16% of organisations believe they need to comply. With sensitive customer data and non-compliance fines at stake, every company with access to data from European citizens needs to ensure they truly understand GDPR and its ramifications.” 

For organisations that are not yet GDPR compliant, respondents estimate it will take an average of seven months to complete the requirements.

“Companies stand to lose 4% of their worldwide revenue if they haven’t met all the requirements by next May,” Corey said. “The only way to prevent unnecessary fines and frustration is to take a good hard look at the criteria, assemble a GDPR plan of action, and begin implementing it immediately.”