The deadline for General Data Protection Regulation (GDPR) compliance is just three weeks away, and around 60% of companies are likely to miss it, according to the 2018 GDPR Compliance Report by Crowd Research Partners.
GDPR is a regulation that will require companies to protect the information and data of EU subjects and those who are dealing in any goods or services with EU citizens. First approved and adopted by the EU parliament in April 2016, it will come into effect from 25th May 2018.
With this, companies that fall under European Union countries will need to comply with strict rules on the collection and usage of customer data, enforceable under the new GDPR law.
These companies will need to implement strict data protection policies to safeguard user data, such as IP information, cookies, name, contact details or address, and ensure that it is not publicly available.
- Only 40% of companies will be GDPR compliant by the deadline
Last year's survey found that only 5% of companies were in full compliance with GDPR. The number hasn't improved much since then, with only 7% of companies indicating compliance readiness in the latest GDPR compliance survey.
According to the report, 33% of the companies expected to meet all the compliance requirements before the deadline.
32% of companies had started the compliance process but were not sure about meeting the deadline, whereas 28% had plans but hadn't made any progress.
- Half of the companies are quite familiar with GDPR
50% of the companies either had deep knowledge of or were quite familiar with the GDPR regulation, while one quarter of the companies knew some details about GDPR.
What's shocking is that despite the publicity surrounding GDPR, 25% of the companies had either very limited knowledge or no knowledge at all.
- Majority of companies consider GDPR compliance a priority
Most of the companies (80%) considered GDPR compliance a top priority, with 34% counting it among their top three priorities and 46% counting it among a number of priorities.
However, 20% of the companies did not even count GDPR compliance as a priority.
- Top GDPR compliance challenges
The survey revealed that the lack of expert staff (43%) and lack of budget (40%) were the primary challenges for companies in becoming GDPR compliant.
The other significant challenges for GDPR compliance were limited understanding of regulations (31%), lack of necessary technology (23%), and lack of management support (20%).
- GDPR compliance efforts will increase data governance budgets
56% of the companies expected a rise in their data governance budget to tackle the GDPR compliance challenges. 39% of companies believed that it would neither increase nor decrease their budget, while only 5% expected a decline.
- Majority of companies expect to make minor changes in security practices
To become GDPR compliant, 28% of the companies said that they would need to make major changes to their security practices and systems.
A majority of companies (56%) expected minor changes, whereas 16% expected no change at all.
- Majority of companies to spend at least 500 staff hours this year on GDPR efforts
Around 77% of the companies said that they would need to spend at least 500 staff hours this year on GDPR compliance.
Meanwhile, 23% expected to spend more than 1000 hours this year on GDPR compliance efforts.
- 63% of companies will take more than two months (from survey date) to become GDPR compliant
A majority of companies (63%) said that they would need more than two months from the survey date to become GDPR compliant. 37% expected to spend at least two months more, whereas 14% will need more than 48 months.
For the comprehensive report, IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn were surveyed.
Images source: 2018 GDPR Compliance Report