When the GDPR takes effect on May 25, 2018, it will arrive at a time when consumer privacy rights need strengthening and data management needs to improve. Given the significance of this law, several reports have been commissioned to assess how ready organizations are to comply with GDPR requirements.
The latest survey, completed by Alert Logic, found that only 5% of companies are currently compliant with the EU GDPR. Most firms are therefore entering a difficult business environment, because many of their data-handling processes are likely to be non-compliant, and subject to penalties, once the law applies in May 2018.
With just 5% of European companies ready for GDPR, 95% have less than seven months to make the necessary organizational changes. According to the survey results, 77% of organizations claimed to be knowledgeable about the new law. Worryingly, while 77% claim to be aware of the GDPR's provisions, only 5% are compliant with its requirements. These results point to one main issue: the majority of companies know which provisions apply to them, yet have ignored the calls to bring their organizations into compliance.
Penalties Under GDPR
Going by the study results, GDPR authorities are likely to penalize a large number of companies, because most of them will not be able to meet all the requirements. In fact, the study shows that 27% of organizations do not know whether they will be ready by the time the new EU regulation takes effect. Such non-compliant organizations risk losing business and revenue, since they may be forced to pay financial penalties. The GDPR introduces a tough penalty regime (administrative fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher) that will be troublesome for most non-compliant companies. EU authorities are expected to remain firm on adherence to the new law in order to uphold privacy and prevent the kind of data breaches that have already cost companies billions through cyberattacks.
The GDPR introduces several important changes that aim to strengthen data security, shorten the time firms take to detect breaches, and push them to be proactive in discovering and reporting breaches; notably, a personal data breach must be reported to the supervisory authority within 72 hours of the controller becoming aware of it, where feasible.
However, many organizations face hurdles that impede compliance. According to the survey findings, half (50%) of the surveyed companies indicated that financial constraints were the greatest obstacle to GDPR compliance. A lack of in-house IT expertise was another major hurdle, reported by 48% of respondents, and 37% of the sampled organizations cited a lack of knowledge of the law's provisions as a challenge to becoming compliant.
Most companies are concerned about Article 25 of the GDPR. This article requires data controllers to practise data protection by design and by default: data protection must be built into processing systems from the design stage, and systems must default to the most privacy-protective settings (for example, processing only the personal data necessary for each specific purpose). For existing systems this can mean substantial redesign and investment in protection controls and procedures. The companies' concerns with Article 25, therefore, likely stem from the financial resources needed to carry out that work, which would also explain why most organizations find a lack of finance to be the most challenging aspect of attaining compliance.
The Alert Logic study also showed that many organizations find it difficult to comply with their own data control processes. The results show that 61% of companies had formal processes for alerting authorities in case of a data breach.
However, only 39% could actually follow those processes as required. This finding indicates that companies whose processes are compliant on paper could still face data breach penalties for failing to follow them in practice. This is despite 42% of respondents believing that only a small number of organizations will be hit with large GDPR fines.