Friday, May 25, the day before the Memorial Day weekend, marks the long-anticipated and much-dreaded deadline for compliance with the EU’s General Data Protection Regulation (GDPR).
A recent report by Crowd Research Partners revealed that only 40 percent of organizations are either GDPR-compliant or well on their way to compliance by the deadline, while 60 percent are at risk of missing the deadline. Just 7 percent of surveyed organizations said they were in full compliance with requirements and 33 percent said they were well on their way to compliance.
While 80 percent confirmed GDPR is a top priority for their organization, only half said they were knowledgeable about it or had deep expertise, and one-quarter (25 percent) had no or only very limited knowledge of the law.
The results are based on an online survey of IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn.
Are you ready for the deadline or heading toward the finish line? Or are you stuck in panic mode?
We spoke with several cybersecurity professionals on this issue, including: Gerard Doeswijk, data protection officer at SkyKick; Lee Aber, chief information security officer at OwnBackup; and Michael Hall, global head of information security and IT services at HighQ. Theresa O’Neil, vice president of marketing at Showpad, also joined the conversation.
Not being compliant will have a big impact on businesses, such as potential reputation damage and even fines of up to 4 percent of a company’s entire revenue, or 20 million euros, whichever is greater, Doeswijk said. And it’s clear there are still quite a few businesses, particularly SMBs, that are unsure of what they need to do for GDPR compliance, he said.
“The vagueness and extensive reach of the regulation has smaller companies expressing a lot of concern around the impending deadline,” he said. “If you’re only starting or if you feel you started too late, it is probably an enormous challenge to get compliant before the deadline. It should have been a project or a program you started early, giving room for discovery of what you process, for what purpose and under what legal ground.”
The ramifications for organizations that aren’t GDPR-compliant ultimately come down to lost business, O’Neil said.
“Many companies have strict vendor-selection processes in place to protect the personal data of customers,” she said. “There have been times at Showpad that we’ve stopped having conversations with potential tech vendors due to concerns around them being GDPR-compliant. Additionally, without personal data security, customers’ trust in brands is at stake, which can impact …