New research of European businesses, conducted by Kaspersky Lab, has revealed surprising variations in the levels of preparedness for the General Data Protection Regulation (GDPR). With less than nine months to go before the regulations become enforceable, there’s a surprising – and worrying – inconsistency of readiness levels across IT decision makers in Europe.
With businesses that process personal data within the EU continuing to grapple with their GDPR obligations, Kaspersky Lab set out to shed further light on the levels of awareness and preparedness for the regulation across Europe. Despite its decision to leave the EU, the UK will still fully comply with the GDPR. It joins France, Germany, Italy, Spain and the Netherlands in demonstrating much higher levels of readiness compared to their counterparts in Belgium, Portugal, Denmark and Norway.
When it comes to being aware of the GDPR, due to come into force on 25 May 2018, Belgian IT professionals ironically showed the lowest levels of awareness by a considerable degree – despite the law being passed in their capital. Worryingly, considering the potential financial penalties of non-compliance (up to 4 per cent of an organisation’s global turnover), a third (32 per cent) stated they had no awareness other than hearing the name and 16 per cent admitted they had no awareness at all.
This response was in stark contrast to the UK, where half (49 per cent) of respondents felt they have a good knowledge of the GDPR, closely followed by France (47 per cent), Germany (46 per cent) and Italy (46 per cent). This is certainly positive news for consumers, who are now paying more attention to how businesses handle their personal data.
The low level of awareness displayed by Belgian employees also translates into a lack of confidence in the ability to comply with GDPR, with 29 per cent of IT professionals in Belgium believing their organisation will not be fully compliant by the deadline, compared to only 13 per cent in Italy and 18 per cent in Spain. In addition, a third (33 per cent) of IT decision makers in Belgium and 46 per cent of those in Norway admitted they are not confident that those responsible for handling personal data in their organisations are aware that existing laws are changing.
The outlook is more positive for the EU “big five,” which are leading the way in terms of preparation. Four out of five of those questioned in the UK (82 per cent), France (82 per cent), Germany (84 per cent), Italy (85 per cent) and Spain (84 per cent) stated that preparations are well underway. However, 29 per cent of IT professionals in Denmark have made little or no preparations, closely followed by Portugal (26 per cent), Norway (25 per cent) and Belgium (18 per cent).
One in five (19 per cent) Belgian IT professionals are also unsure if preparations within their company have even started – a serious concern given that businesses have less than a year to become compliant, or face the risk of hefty financial penalties and reputational damage.
“The lack of awareness and action towards the GDPR by the IT profession across pockets of Europe is worrying. Many businesses are putting themselves and their clients at risk by not making vital preparations and changes now to the way personal information is harvested and secured. Many of the businesses affected by the legislation will have operations across Europe so the preparation gap is particularly alarming as such businesses should be sharing information about compliance across their business and have a clear point of responsibility within their company.
“The deadline is the same for every company no matter their size, industry or location, so action needs to be taken now to get data handling practices up to scratch before the wrath of the regulators makes the impact of GDPR a bitter pill to swallow, rather than a good thing for the data health of an organisation,” commented Adam Maskatiya, General Manager, UK & Ireland.
The research questioned over 2,000 IT decision makers in organisations with more than 50 employees. It was conducted in 11 European countries; the UK, France, Germany, Italy, Spain, Belgium, Netherlands, Portugal, Sweden, Denmark and Norway.
For further information go to: https://www.kaspersky.co.uk/gdpr.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.